Description
In the Linux kernel, the following vulnerability has been resolved:

sched/mmcid: Handle vfork()/CLONE_VM correctly

Matthieu and Jiri reported stalls where a task endlessly loops in
mm_get_cid() when scheduling in.

It turned out that the logic which handles vfork()'ed tasks is broken. It
is invoked when the number of tasks associated to a process is smaller than
the number of MMCID users. It then walks the task list to find the
vfork()'ed task, but accounts all the already processed tasks as well.

If that double processing brings the number of to be handled tasks to 0,
the walk stops and the vfork()'ed task's CID is not fixed up. As a
consequence a subsequent schedule in fails to acquire a (transitional) CID
and the machine stalls.

Cure this by removing the accounting condition and make the fixup always
walk the full task list if it could not find the exact number of users in
the process' thread list.
Published: 2026-05-08
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A flaw in the Linux kernel's sched/mmcid code causes a task to loop endlessly in mm_get_cid() when it is scheduled in. The fixup logic that walks the task list to find a vfork()'ed task also accounts tasks that were already processed; if that double processing brings the number of tasks still to be handled to 0, the walk stops early and the vfork()'ed task's CID is not fixed up. A subsequent schedule-in then cannot acquire a transitional CID and the kernel stalls, resulting in a system freeze and loss of service availability.

Affected Systems

The vulnerability affects all Linux kernel releases that include the buggy sched/mmcid implementation and have not yet incorporated the patch found in the linked commits. No specific version numbers are provided, so any current kernel variant lacking these changes could be vulnerable. The impact is limited to Linux systems, irrespective of distribution, as it resides in the core kernel.

Risk and Exploitability

The CVSS score is 5.5 and EPSS is < 1%, indicating a very low probability of exploitation. Despite this, a kernel stall can halt services and impair availability. It is inferred that exploitation would likely require local privileged execution, such as a process that uses vfork() with CLONE_VM, and the vulnerability is not listed in the CISA KEV catalog. Until the kernel is patched, the risk remains non‑negligible but not imminent.

Generated by OpenCVE AI on May 26, 2026 at 16:28 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the kernel patch that resolves the mmcid vfork handling issue (referencing commits 28b5a1395036d6c7a6c8034d85ad3d7d365f192c or e6761cdce78a8919a537989afb6aaf6881469f83), rebuild the kernel, and install the updated kernel image.
  • Update the system to the latest stable Linux kernel version that includes the fix (for example, 7.0 rc3 or newer) and reboot to activate the patch.
  • If the update cannot be applied immediately, temporarily avoid using vfork() with CLONE_VM in applications until the kernel is patched, or replace such usage with fork() or other safe alternatives.

Advisories

No advisories yet.

History

Tue, 26 May 2026 13:45:00 +0000

Type Values Removed Values Added
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}


Sat, 09 May 2026 03:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-665
CWE-730

Sat, 09 May 2026 00:15:00 +0000


Fri, 08 May 2026 17:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-665
CWE-730

Fri, 08 May 2026 14:45:00 +0000

Type Values Removed Values Added
Description (identical to the text in the Description section above)
Title sched/mmcid: Handle vfork()/CLONE_VM correctly
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-11T22:24:11.172Z

Reserved: 2026-05-01T14:12:56.008Z

Link: CVE-2026-43417

Vulnrichment

No data.

NVD

Status: Analyzed

Published: 2026-05-08T15:16:53.700

Modified: 2026-05-22T19:40:46.830

Link: CVE-2026-43417

Redhat

Severity:

Public Date: 2026-05-08T00:00:00Z

Links: CVE-2026-43417 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-26T16:30:10Z
