CVE-2026-43392

Source
https://cve.org/CVERecord?id=CVE-2026-43392
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-43392.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-43392
Downstream
Published
2026-05-08T14:21:36.692Z
Modified
2026-07-15T01:49:03.752457270Z
Summary
sched_ext: Fix starvation of scx_enable() under fair-class saturation
Details

In the Linux kernel, the following vulnerability has been resolved:

schedext: Fix starvation of scxenable() under fair-class saturation

During scxenable(), the READY -> ENABLED task switching loop changes the calling thread's schedclass from fair to ext. Since fair has higher priority than ext, saturating fair-class workloads can indefinitely starve the enable thread, hanging the system. This was introduced when the enable path switched from preemptdisable() to scxbypass() which doesn't protect against fair-class starvation. Note that the original preemptdisable() protection wasn't complete either - in partial switch modes, the calling thread could still be starved after preemptenable() as it may have been switched to ext class.

Fix it by offloading the enable body to a dedicated system-wide RT (SCHEDFIFO) kthread which cannot be starved by either fair or ext class tasks. scxenable() lazily creates the kthread on first use and passes the ops pointer through a struct scxenablecmd containing the kthread_work, then synchronously waits for completion.

The workfn runs on a different kthread from sch->helper (which runs disablework), so it can safely flush disablework on the error path without deadlock.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/43xxx/CVE-2026-43392.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
8c2090c504e998c8f34ec870bae71dafcc96a6e0
Fixed
e0b14bf06393be137d3efb6a3b7cd5b4b9810a6b
Fixed
c44198f25fdfecc0ec0fe366bf8a47fe17d8e229
Fixed
05ab9ec5dc24f234e0a2fecf3e6ff937c68f7d81
Fixed
b06ccbabe2506fd70b9167a644978b049150224a

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-43392.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.12.0
Fixed
6.12.78
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.18.20
Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
6.19.9

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-43392.json"