Description
In the Linux kernel, the following vulnerability has been resolved:

sched/mmcid: Prevent CID stalls due to concurrent forks

A newly forked task is accounted as MMCID user before the task is visible
in the process' thread list and the global task list. This creates the
following problem:

CPU1                                  CPU2
fork()
  sched_mm_cid_fork(tnew1)
    tnew1->mm.mm_cid_users++;
    tnew1->mm_cid.cid = getcid()
-> preemption
                                      fork()
                                        sched_mm_cid_fork(tnew2)
                                          tnew2->mm.mm_cid_users++;
                                          // Reaches the per CPU threshold
                                          mm_cid_fixup_tasks_to_cpus()
                                            for_each_other(current, p)
                                              ....

As tnew1 is not visible yet, this fails to fix up the already allocated CID
of tnew1. As a consequence a subsequent schedule in might fail to acquire a
(transitional) CID and the machine stalls.

Move the invocation of sched_mm_cid_fork() after the new task becomes
visible in the thread and the task list to prevent this.

This also makes it symmetrical vs. exit() where the task is removed as CID
user before the task is removed from the thread and task lists.
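
The ordering problem described above can be replayed deterministically in a small user-space model. This is an added example, not kernel code and not part of the original advisory: the structures, the threshold value, the helper names, and the rule that the triggering task fixes up its own CID are all assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>

#define NTASKS 3
#define THRESHOLD 3   /* constructed value for the model, not the kernel's */

struct task { bool visible, has_cid, fixed_up; };
struct mm { int cid_users; bool switched; struct task t[NTASKS]; };

/* Fixup walk: like for_each_other(), it only reaches tasks on the list. */
static void fixup_tasks(struct mm *mm)
{
    mm->switched = true;
    for (int i = 0; i < NTASKS; i++)
        if (mm->t[i].visible && mm->t[i].has_cid)
            mm->t[i].fixed_up = true;
}

/* Stands in for sched_mm_cid_fork(): account the user, allocate a CID. */
static void account_cid_user(struct mm *mm, struct task *p)
{
    mm->cid_users++;
    p->has_cid = true;
    p->fixed_up = mm->switched;  /* allocated after the switch: nothing to fix */
    if (!mm->switched && mm->cid_users >= THRESHOLD) {
        fixup_tasks(mm);
        p->fixed_up = true;      /* assumption: the triggering task fixes itself */
    }
}

/* Replays the interleaving; returns allocated CIDs the fixup never saw. */
int stale_cids(bool account_before_visible)
{
    struct mm mm = { .cid_users = 1 };   /* the parent is already a CID user */
    struct task *parent = &mm.t[0], *tnew1 = &mm.t[1], *tnew2 = &mm.t[2];
    int stale = 0;
    parent->visible = parent->has_cid = true;
    if (!account_before_visible) tnew1->visible = true;  /* fixed order */
    account_cid_user(&mm, tnew1);        /* CPU1, preempted right after */
    if (!account_before_visible) tnew2->visible = true;  /* fixed order */
    account_cid_user(&mm, tnew2);        /* CPU2 reaches the threshold */
    tnew1->visible = tnew2->visible = true;  /* old order: visible too late */
    for (int i = 0; i < NTASKS; i++)
        stale += mm.t[i].has_cid && !mm.t[i].fixed_up;
    return stale;
}

int main(void)
{
    printf("old: %d stale, fixed: %d stale\n", stale_cids(true), stale_cids(false));
    return 0;
}
```

With accounting before visibility the walk misses tnew1 and one CID is left un-fixed; with the reordered sequence every allocated CID is reachable by the walk.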
Published: 2026-05-08
Score: 7.0 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

When forks run concurrently, the Linux scheduler accounts a newly created task as an MMCID user before the task is visible in the process' thread list and the global task list. If the per‑CPU threshold handling runs in that window, it cannot see the task and fails to fix up its already allocated CID, so a later schedule-in may fail to acquire a CID and the machine stalls. The flaw is a classic race condition (CWE‑821) that can freeze the system, representing a denial‑of‑service. The fix also makes fork symmetrical with exit(), where the task is removed as a CID user before it is removed from the thread and task lists.

Affected Systems

The flaw is present in the Linux kernel itself; any kernel version that contains the old MMCID handling logic is potentially vulnerable. No specific distribution or version numbers are provided, but the patch that corrects the issue is available in recent kernel releases that reorder sched_mm_cid_fork to execute after the new task is made visible.

Risk and Exploitability

Risk is significant because a failure to acquire a CID can halt the scheduler and freeze the machine; the CVSS score of 7.0 indicates high severity. While exploitation probability is unknown due to missing EPSS and no KEV listing, the denial‑of‑service nature of the flaw warrants priority mitigation.

Generated by OpenCVE AI on May 9, 2026 at 04:40 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Linux kernel to a release that contains the sched/mmcid patch, which rearranges the logic so the new task is visible before the MMCID user count is increased.
  • If a kernel upgrade cannot be performed immediately, reduce or throttle concurrent fork operations on heavily loaded CPUs during critical periods to avoid reaching the per‑CPU threshold while the race condition may occur.
  • Continuously monitor kernel logs (e.g., dmesg or /var/log/kern.log) for scheduler stalls or CID allocation errors, and adjust process workload or scheduling policies accordingly.

Advisories

No advisories yet.

History

Sat, 09 May 2026 03:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-362

Sat, 09 May 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-821
References
Metrics threat_severity

None

cvssV3_1

{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}

threat_severity

Moderate


Fri, 08 May 2026 17:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-362

Fri, 08 May 2026 14:45:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: sched/mmcid: Prevent CID stalls due to concurrent forks A newly forked task is accounted as MMCID user before the task is visible in the process' thread list and the global task list. This creates the following problem: CPU1 CPU2 fork() sched_mm_cid_fork(tnew1) tnew1->mm.mm_cid_users++; tnew1->mm_cid.cid = getcid() -> preemption fork() sched_mm_cid_fork(tnew2) tnew2->mm.mm_cid_users++; // Reaches the per CPU threshold mm_cid_fixup_tasks_to_cpus() for_each_other(current, p) .... As tnew1 is not visible yet, this fails to fix up the already allocated CID of tnew1. As a consequence a subsequent schedule in might fail to acquire a (transitional) CID and the machine stalls. Move the invocation of sched_mm_cid_fork() after the new task becomes visible in the thread and the task list to prevent this. This also makes it symmetrical vs. exit() where the task is removed as CID user before the task is removed from the thread and task lists.
Title sched/mmcid: Prevent CID stalls due to concurrent forks
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-08T14:21:54.362Z

Reserved: 2026-05-01T14:12:56.008Z

Link: CVE-2026-43418

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-05-08T15:16:53.803

Modified: 2026-05-08T15:16:53.803

Link: CVE-2026-43418

Redhat

Severity : Moderate

Public Date: 2026-05-08T00:00:00Z

Links: CVE-2026-43418 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-09T04:45:26Z

Weaknesses