Description
In the Linux kernel, the following vulnerability has been resolved:

sched/mmcid: Handle vfork()/CLONE_VM correctly

Matthieu and Jiri reported stalls where a task endlessly loops in
mm_get_cid() when scheduling in.

It turned out that the logic which handles vfork()'ed tasks is broken. It
is invoked when the number of tasks associated to a process is smaller than
the number of MMCID users. It then walks the task list to find the
vfork()'ed task, but accounts all the already processed tasks as well.

If that double processing brings the number of to be handled tasks to 0,
the walk stops and the vfork()'ed task's CID is not fixed up. As a
consequence a subsequent schedule in fails to acquire a (transitional) CID
and the machine stalls.

Cure this by removing the accounting condition and make the fixup always
walk the full task list if it could not find the exact number of users in
the process' thread list.
Published: 2026-05-08
Score: n/a
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A flaw in Linux kernel’s sched/mmcid code causes an infinite loop when a vfork()‑ed task is scheduled. The logic that counts vfork() tasks mistakenly stops the walk when the counted tasks exceed the number of MMCID users, leaving the task’s CID unassigned. Once this occurs, subsequent scheduling attempts cannot acquire a transitional CID and the kernel stalls, resulting in a system freeze and loss of service availability.

Affected Systems

The vulnerability affects all Linux kernel releases that include the buggy sched/mmcid implementation and have not yet incorporated the patch found in the linked commits. No specific version numbers are provided, so any current kernel variant lacking these changes could be vulnerable. The impact is limited to Linux systems, irrespective of distribution, as it resides in the core kernel.

Risk and Exploitability

The CVSS score is not reported and EPSS is unavailable, but the impact of a kernel stall is consequential. Exploitation would likely require local privileged execution, such as creating a vfork()’ed process with a multithreaded parent. The absence of a KEV listing implies no publicly known exploits, yet the bug’s potential to halt critical services makes it a compelling target for attackers. Until the kernel is patched or upgraded, the risk remains high.

Generated by OpenCVE AI on May 9, 2026 at 05:24 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the patch that corrects the vfork/CLONE_VM handling in sched/mmcid (see the linked git commits).
  • Upgrade the Linux kernel to a version that includes this fix, such as the latest stable release.
  • Reboot the machine so that the scheduler starts fresh and any stale tasks are cleared.

Generated by OpenCVE AI on May 9, 2026 at 05:24 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sat, 09 May 2026 03:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-665
CWE-730

Sat, 09 May 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-1095
References

Fri, 08 May 2026 17:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-665
CWE-730

Fri, 08 May 2026 14:45:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: sched/mmcid: Handle vfork()/CLONE_VM correctly Matthieu and Jiri reported stalls where a task endlessly loops in mm_get_cid() when scheduling in. It turned out that the logic which handles vfork()'ed tasks is broken. It is invoked when the number of tasks associated to a process is smaller than the number of MMCID users. It then walks the task list to find the vfork()'ed task, but accounts all the already processed tasks as well. If that double processing brings the number of to be handled tasks to 0, the walk stops and the vfork()'ed task's CID is not fixed up. As a consequence a subsequent schedule in fails to acquire a (transitional) CID and the machine stalls. Cure this by removing the accounting condition and make the fixup always walk the full task list if it could not find the exact number of users in the process' thread list.
Title sched/mmcid: Handle vfork()/CLONE_VM correctly
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-08T14:21:53.618Z

Reserved: 2026-05-01T14:12:56.008Z

Link: CVE-2026-43417

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-05-08T15:16:53.700

Modified: 2026-05-08T15:16:53.700

Link: CVE-2026-43417

cve-icon Redhat

Severity :

Publid Date: 2026-05-08T00:00:00Z

Links: CVE-2026-43417 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-05-09T05:30:16Z

Weaknesses