PT-2026-27736 · Linux · Linux Kernel

Published: 2026-01-01 · Updated: 2026-04-20 · CVE-2026-23371

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

A flaw exists in the Linux kernel’s scheduling logic related to SCHED_DEADLINE tasks. Specifically, when a SCHED_DEADLINE task changes to a lower priority class using sched_setscheduler(), it may fail to correctly inherit parameters from potential DEADLINE donors if it hadn't already inherited them. This can lead to bandwidth accounting corruption because enqueue_task_dl() might not recognize the task as boosted.

The issue occurs when a DEADLINE task blocks on a PI mutex held by another DEADLINE task, the holder doesn't initially inherit parameters, and the holder's priority is then lowered while still holding the mutex.

The fix involves introducing the setscheduler_dl_pi() function to detect when a DEADLINE task is changed to a lower priority class, ensuring it inherits the necessary parameters and sets the ENQUEUE_REPLENISH flag for proper bandwidth accounting.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers

CVE-2026-23371
OESA-2026-1862
OESA-2026-1863
OESA-2026-1864

Affected Products

Linux Kernel