Impact
The vulnerability involves the Linux kernel generating a warning when systemd’s user manager writes control flags to its own subtree_control while a sched_ext scheduler is loaded. The warning results from an internal NULL pointer that is allowed in normal operation; the code already guards against the NULL pointer, so the warning can safely be suppressed. No data corruption, privilege escalation, or denial of service occurs.
Affected Systems
Affected systems are Linux kernels that use the sched_ext scheduler, regardless of distribution. The issue is triggered when the user manager writes "+cpu +memory +pids" to a cgroup’s subtree while a task’s CPU cgroup changes, causing a legitimate migration path to hit a NULL reference. This applies to any kernel revision prior to the fix or to distributions that have not yet updated the kernel version.
Risk and Exploitability
Risk and exploitability are effectively nil. The CVSS and EPSS metrics are not available, and the vulnerability is not listed in CISA’s KEV catalog. There is no attack vector that an adversary can exploit, inferred from the description; the warning is purely informational and does not alter system state or security properties.
OpenCVE Enrichment