SB2026050886 - Race condition in Linux kernel cgroup
Published: May 8, 2026
Description
This security bulletin contains information about 1 vulnerability.
1) Race condition (CVE-ID: CVE-2026-43439)
CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to a race condition in css_task_iter handling in the cgroup task iteration logic when iterating tasks concurrently with task migration between css_set lists. A local user can trigger task migration while cgroup.procs is being read to cause a denial of service.
Successful exploitation requires a very small race window between task migration and iteration, and may lead to crashes or infinite loops.
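A single-threaded userspace model of the failure mode described above, added here as an illustration; it is not kernel code and not the fix from the referenced commits. It shows an iterator whose saved cursor follows a node migrated to another list, so the walk never returns to its own list head, next to a variant that advances the cursor before the move. The names `move_task`, `walk_with_migration` and the `fixup` flag are hypothetical, and the way the cursor goes stale is an assumption made for illustration.

```c
#include <stdio.h>

/* Circular doubly linked list, modelled on the kernel's struct list_head. */
struct node { struct node *prev, *next; };
static void list_init(struct node *h) { h->prev = h->next = h; }
static void list_del(struct node *n) { n->prev->next = n->next; n->next->prev = n->prev; }
static void list_add_tail(struct node *n, struct node *h)
{
    n->prev = h->prev; n->next = h; h->prev->next = n; h->prev = n;
}

/* Iterator state: the list being walked and the next node to return. */
struct iter { struct node *head, *cur; };

/* Migrate n to dst. With fixup, an iterator parked on n is advanced first. */
static void move_task(struct node *n, struct node *dst, struct iter *it, int fixup)
{
    if (fixup && it->cur == n)
        it->cur = n->next;
    list_del(n);
    list_add_tail(n, dst);
}

/* Walk ntasks (0..8) nodes; once migrate_at nodes have been returned, migrate
 * the node under the cursor. Returns nodes returned, -1 if the walk never ends. */
static int walk_with_migration(int ntasks, int migrate_at, int fixup)
{
    struct node src, dst, tasks[8];
    int returned = 0, moved = 0, i;
    if (ntasks < 0 || ntasks > 8) return -2;   /* outside the model's task array */
    list_init(&src); list_init(&dst);
    for (i = 0; i < ntasks; i++)
        list_add_tail(&tasks[i], &src);
    struct iter it = { &src, src.next };
    while (it.cur != it.head) {
        if (!moved && returned == migrate_at) {
            move_task(it.cur, &dst, &it, fixup);
            moved = 1;
            continue;           /* cursor may now be the list head */
        }
        if (++returned > 64)
            return -1;          /* stale cursor circles dst forever; capped */
        it.cur = it.cur->next;
    }
    return returned;
}

int main(void)
{
    printf("%d %d\n", walk_with_migration(4, 1, 0), walk_with_migration(4, 1, 1));
    return 0;
}
```

In the model the step cap stands in for the hang: without the fixup the cursor only ever sees the migrated node and the destination list head.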
Remediation
Install the update from the vendor's website.
References
- https://git.kernel.org/stable/c/3b95abab7369235a37b15eaec6e1a0b443bba7c7
- https://git.kernel.org/stable/c/3dfd1328c05234e8d8fa61948b2ba82680594988
- https://git.kernel.org/stable/c/4a9654a2b46cfdaae287fb8995f536245635e467
- https://git.kernel.org/stable/c/5ee01f1a7343d6a3547b6802ca2d4cdce0edacb1
- https://git.kernel.org/stable/c/7c85debc35e6d131bd29c64f2ae78c6ede0e55c4
- https://git.kernel.org/stable/c/86ceaccfdfa16dad05addb33dc206e03589bcfd1
- https://git.kernel.org/stable/c/9cca530c7cc1b3e02cb8fa7f80060dd4b38562ce
- https://git.kernel.org/stable/c/9dc76f6fc0d28d2382583715bc4ec22f28104845