CVE-2026-46154

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified) openSUSE Tumbleweed versions prior to kernel-devel-7.0.11-1.1

Description A Use-After-Free (UAF) issue exists in the sched ext component. The functions scx group set weight(), scx group set idle(), and scx group set bandwidth() cache the scx root pointer before acquiring the scx cgroup ops rwsem lock. If a scheduler is disabled and freed while another is enabled between the pointer load and the lock acquisition, the system may dereference a freed pointer during SCX HAS OP(sch, ...) or SCX CALL OP(sch, ...) calls. This occurs because the reader may perceive the scheduler as enabled based on the new scheduler's state while still using the stale pointer from the previous one.

Recommendations For openSUSE Tumbleweed, update to version kernel-devel-7.0.11-1.1. At the moment, there is no information about a newer version that contains a fix for this vulnerability for the Linux kernel.