Impact
This vulnerability resides in the Linux kernel’s fair scheduler. During a fork, the scheduler fails to clear the rel_deadline field of the new sched_entity, causing a stale relative deadline to be treated as an absolute deadline during the first enqueue. The resulting deadline value is far beyond the valid range, and when the fork yields, the scheduler advances its virtual runtime to this inflated deadline. This overflow corrupts scheduler bookkeeping structures, ultimately causing pick_next_entity() to return NULL a NULL pointer, which triggers a kernel panic. The primary impact is a local denial of service because a kernel crash renders the host unusable. The flaw is an Integer Overflow (CWE-190) that allows the scheduler to miscalculate deadlines and overflow scheduler state.
Affected Systems
All Linux kernel installations that have not applied the rel_deadline clearing fix, regardless of distribution or version, are potentially vulnerable. The specific kernel versions affected are not listed, so any running kernel prior to the patch is considered at risk.
Risk and Exploitability
The exploit is local; an attacker who can execute user‑level code can create a forked process that later calls sched_yield to trigger the bug. The CVSS score of 7.0 indicates high severity, but the EPSS score of <1% reflects a very low probability of exploitation in the wild. The vulnerability is not listed in the CISA KEV catalog, indicating no known large‑scale exploitation. Attackers need only user privileges and the conditions are deterministic, making the crash predictable if the conditions are met. Because the fault propagates to a kernel panic, it results in an immediate denial of service.
OpenCVE Enrichment