CVE-2026-23371

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> sched/deadline: Fix missing ENQUEUE_REPLENISH during PI de-boosting<br /> <br /> Running stress-ng --schedpolicy 0 on an RT kernel on a big machine<br /> might lead to the following WARNINGs (edited).<br /> <br /> sched: DL de-boosted task PID 22725: REPLENISH flag missing<br /> <br /> WARNING: CPU: 93 PID: 0 at kernel/sched/deadline.c:239 dequeue_task_dl+0x15c/0x1f8<br /> ... (running_bw underflow)<br /> Call trace:<br /> dequeue_task_dl+0x15c/0x1f8 (P)<br /> dequeue_task+0x80/0x168<br /> deactivate_task+0x24/0x50<br /> push_dl_task+0x264/0x2e0<br /> dl_task_timer+0x1b0/0x228<br /> __hrtimer_run_queues+0x188/0x378<br /> hrtimer_interrupt+0xfc/0x260<br /> ...<br /> <br /> The problem is that when a SCHED_DEADLINE task (lock holder) is<br /> changed to a lower priority class via sched_setscheduler(), it may<br /> fail to properly inherit the parameters of potential DEADLINE donors<br /> if it didn&amp;#39;t already inherit them in the past (shorter deadline than<br /> donor&amp;#39;s at that time). This might lead to bandwidth accounting<br /> corruption, as enqueue_task_dl() won&amp;#39;t recognize the lock holder as<br /> boosted.<br /> <br /> The scenario occurs when:<br /> 1. A DEADLINE task (donor) blocks on a PI mutex held by another<br /> DEADLINE task (holder), but the holder doesn&amp;#39;t inherit parameters<br /> (e.g., it already has a shorter deadline)<br /> 2. sched_setscheduler() changes the holder from DEADLINE to a lower<br /> class while still holding the mutex<br /> 3. The holder should now inherit DEADLINE parameters from the donor<br /> and be enqueued with ENQUEUE_REPLENISH, but this doesn&amp;#39;t happen<br /> <br /> Fix the issue by introducing __setscheduler_dl_pi(), which detects when<br /> a DEADLINE (proper or boosted) task gets setscheduled to a lower<br /> priority class. In case, the function makes the task inherit DEADLINE<br /> parameters of the donoer (pi_se) and sets ENQUEUE_REPLENISH flag to<br /> ensure proper bandwidth accounting during the next enqueue operation.