CVE-2026-46154

EUVD-2026-32781
In the Linux kernel, the following vulnerability has been resolved:

sched_ext: Read scx_root under scx_cgroup_ops_rwsem in cgroup setters

scx_group_set_{weight,idle,bandwidth}() cache scx_root before acquiring
scx_cgroup_ops_rwsem, so the pointer can be stale by the time the op runs.
If the loaded scheduler is disabled and freed (via RCU work) and another is
enabled between the naked load and the rwsem acquire, the reader sees
scx_cgroup_enabled=true (the new scheduler's) but dereferences the freed one
- UAF on SCX_HAS_OP(sch, ...) / SCX_CALL_OP(sch, ...).

scx_cgroup_enabled is toggled only under scx_cgroup_ops_rwsem write
(scx_cgroup_{init,exit}), so reading scx_root inside the rwsem read section
correlates @sch with the enabled snapshot.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7 HIGH
LOCAL
HIGH
LOW
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 2%
Affected Products (NVD)
VendorProductVersion
linuxlinux_kernel
6.18 ≤
𝑥
< 6.18.32
linuxlinux_kernel
6.19 ≤
𝑥
< 7.0.7
linuxlinux_kernel
7.1:rc1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
linux
bookworm
6.1.176-1
fixed
bookworm (security)
6.1.176-1
fixed
bullseye
5.10.223-1
fixed
bullseye (security)
5.10.259-1
fixed
forky
7.1.3-1
fixed
sid
7.1.3-1
fixed
trixie
6.12.94-1
fixed
trixie (security)
6.12.95-1
fixed
Amazon Linux logo
Amazon Linux Releases
Amazon Package
Release
bpftool6.18
Amazon Linux 2023
1:6.18.33-63.124.amzn2023
fixed
bpftool6.18-debuginfo
Amazon Linux 2023
1:6.18.33-63.124.amzn2023
fixed
kernel-livepatch-6.18.33-63.124
Amazon Linux 2023
1:1.0-0.amzn2023
fixed
kernel6.18
Amazon Linux 2023
1:6.18.33-63.124.amzn2023
fixed
kernel6.18-debuginfo
Amazon Linux 2023
1:6.18.33-63.124.amzn2023
fixed
kernel6.18-debuginfo-common-aarch64
Amazon Linux 2023
1:6.18.33-63.124.amzn2023
fixed
kernel6.18-debuginfo-common-x86_64
Amazon Linux 2023
1:6.18.33-63.124.amzn2023
fixed
kernel6.18-devel
Amazon Linux 2023
1:6.18.33-63.124.amzn2023
fixed
kernel6.18-headers
Amazon Linux 2023
1:6.18.33-63.124.amzn2023
fixed
kernel6.18-modules-extra
Amazon Linux 2023
1:6.18.33-63.124.amzn2023
fixed
kernel6.18-modules-extra-common
Amazon Linux 2023
1:6.18.33-63.124.amzn2023
fixed
kernel6.18-tools
Amazon Linux 2023
1:6.18.33-63.124.amzn2023
fixed
kernel6.18-tools-debuginfo
Amazon Linux 2023
1:6.18.33-63.124.amzn2023
fixed
kernel6.18-tools-devel
Amazon Linux 2023
1:6.18.33-63.124.amzn2023
fixed
perf6.18
Amazon Linux 2023
1:6.18.33-63.124.amzn2023
fixed
perf6.18-debuginfo
Amazon Linux 2023
1:6.18.33-63.124.amzn2023
fixed
python3-perf6.18
Amazon Linux 2023
1:6.18.33-63.124.amzn2023
fixed
python3-perf6.18-debuginfo
Amazon Linux 2023
1:6.18.33-63.124.amzn2023
fixed