Use-after-free in Linux kernel - CVE-2026-43438
Published: May 8, 2026
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to a use-after-free in scx_cgroup_init() when handling an error path during cgroup hierarchy iteration. A local user can trigger the vulnerable code path to cause a denial of service.
The issue is caused by an unbalanced css_put() call that can lead to a refcount underflow.