CVE-2026-23371

In the Linux kernel, the following vulnerability has been resolved:

sched/deadline: Fix missing ENQUEUE REPLENISH during PI de-boosting

Running stress-ng --schedpolicy 0 on an RT kernel on a big machine might lead to the following WARNINGs (edited).

sched: DL de-boosted task PID 22725: REPLENISH flag missing

WARNING: CPU: 93 PID: 0 at kernel/sched/deadline.c:239 dequeue task dl+0x15c/0x1f8 ... (running bw underflow) Call trace: dequeue task dl+0x15c/0x1f8 (P) dequeue task+0x80/0x168 deactivate task+0x24/0x50 push dl task+0x264/0x2e0 dl task timer+0x1b0/0x228 hrtimer run queues+0x188/0x378 hrtimer interrupt+0xfc/0x260 ...

The problem is that when a SCHED DEADLINE task (lock holder) is changed to a lower priority class via sched setscheduler(), it may fail to properly inherit the parameters of potential DEADLINE donors if it didn't already inherit them in the past (shorter deadline than donor's at that time). This might lead to bandwidth accounting corruption, as enqueue task dl() won't recognize the lock holder as boosted.

The scenario occurs when:

Fix the issue by introducing setscheduler dl pi(), which detects when a DEADLINE (proper or boosted) task gets setscheduled to a lower priority class. In case, the function makes the task inherit DEADLINE parameters of the donoer (pi se) and sets ENQUEUE REPLENISH flag to ensure proper bandwidth accounting during the next enqueue operation.