CVE-2026-53328

Source
https://cve.org/CVERecord?id=CVE-2026-53328
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-53328.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-53328
Downstream
Published
2026-07-01T13:32:14.030Z
Modified
2026-07-08T08:13:43.745521338Z
Summary
sched_ext: Don't warn on NULL cgrp_moving_from in scx_cgroup_move_task()
Details

In the Linux kernel, the following vulnerability has been resolved:

schedext: Don't warn on NULL cgrpmovingfrom in scxcgroupmovetask()

A WARN fires when systemd's user manager writes "+cpu +memory +pids" to its own subtreecontrol while a schedext scheduler is loaded:

WARNING: at kernel/sched/ext.c:3227 scxcgroupmovetask+0xa8/0xb0 scxcgroupmovetask+0xa8/0xb0 schedmovetask+0x134/0x290 cpucgroupattach+0x39/0x70 cgroupmigrateexecute+0x37d/0x450 cgroupupdatedflcsses+0x1e3/0x270 cgroupsubtreecontrolwrite+0x3e7/0x440

scxcgroupcanattach() arms cgrpmovingfrom only when a task's cpu cgroup changes. It can still be NULL when scxcgroupmovetask() runs, through this sequence:

Step Result


  1. cpu enabled on cgroup G cpu css = A
  2. cpu toggled off then on for G A killed, B created (same cgroup)
  3. an exiting task keeps A alive migration skips it, A now stale
  4. +memory migrates G stale A vs current B pulls cpu in
  5. cpu attach runs for all tasks hits a live, cpu-unchanged task
  6. scxcgroupmovetask() on it cgrpmoving_from NULL -> WARN

The mismatch is that scxcgroupcanattach() keys on cgroup identity while migration drives the move on css identity, so a NULL cgrpmoving_from here is a legitimate css-only migration, not a missing prep.

The call is already gated on cgrpmovingfrom, so just drop the warning. ops.cgroupprepmove() and ops.cgroup_move() stay paired.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/53xxx/CVE-2026-53328.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
8195136669661fdfe54e9a8923c33b31c92fc1da
Fixed
cdff2eb97be147d2ce52ac1327841068781f25dc
Fixed
0ffcad63b19a1cadb475c9f405a93607fdcd0d7c
Fixed
bc75f5951fac4e49d175c4433fc08fb1ec01172f
Fixed
02e545c4297a26dbbc41df81b831e7f605bcd306

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-53328.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.12.0
Fixed
6.12.94
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.18.36
Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
7.0.13

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-53328.json"