CVE-2026-43438

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A refcount underflow occurs in the scx cgroup init() function due to a redundant call to css put() in the error path. The iterator css for each descendant pre() traverses the cgroup hierarchy under cgroup lock() without incrementing reference counts on yielded css structs. Because css put() is intended only to release references obtained via css get() or css tryget online(), its incorrect use in this context can lead to a Use-After-Free (UAF) condition, where the system attempts to access memory that has already been freed.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.