Bug 2468243 (CVE-2026-43417) - CVE-2026-43417 kernel: sched/mmcid: Handle vfork()/CLONE_VM correctly
Summary: CVE-2026-43417 kernel: sched/mmcid: Handle vfork()/CLONE_VM correctly
Keywords:
Status: NEW
Alias: CVE-2026-43417
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
unspecified
unspecified
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2026-05-08 15:06 UTC by OSIDB Bzimport
Modified: 2026-05-08 22:57 UTC (History)
2 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)

Description OSIDB Bzimport 2026-05-08 15:06:39 UTC 
In the Linux kernel, the following vulnerability has been resolved:

sched/mmcid: Handle vfork()/CLONE_VM correctly

Matthieu and Jiri reported stalls where a task endlessly loops in
mm_get_cid() when scheduling in.

It turned out that the logic which handles vfork()'ed tasks is broken. It
is invoked when the number of tasks associated to a process is smaller than
the number of MMCID users. It then walks the task list to find the
vfork()'ed task, but accounts all the already processed tasks as well.

If that double processing brings the number of to be handled tasks to 0,
the walk stops and the vfork()'ed task's CID is not fixed up. As a
consequence a subsequent schedule in fails to acquire a (transitional) CID
and the machine stalls.

Cure this by removing the accounting condition and make the fixup always
walk the full task list if it could not find the exact number of users in
the process' thread list.
Comment 1 Keith Grant 2026-05-08 22:55:48 UTC 
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2026050845-CVE-2026-43417-e9af@gregkh/T
Note You need to log in before you can comment on or make changes to this bug.