CVE-2026-43418

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
08/05/2026
Last modified:
08/05/2026

Description

In the Linux kernel, the following vulnerability has been resolved:

sched/mmcid: Prevent CID stalls due to concurrent forks

A newly forked task is accounted as MMCID user before the task is visible
in the process' thread list and the global task list. This creates the
following problem:

    CPU1                                  CPU2
    fork()
      sched_mm_cid_fork(tnew1)
        tnew1->mm.mm_cid_users++;
        tnew1->mm_cid.cid = getcid()
    -> preemption
                                          fork()
                                            sched_mm_cid_fork(tnew2)
                                              tnew2->mm.mm_cid_users++;
                                              // Reaches the per CPU threshold
                                              mm_cid_fixup_tasks_to_cpus()
                                                for_each_other(current, p)
                                                  ....

As tnew1 is not visible yet, this fails to fix up the already allocated CID
of tnew1. As a consequence a subsequent schedule in might fail to acquire a
(transitional) CID and the machine stalls.

Move the invocation of sched_mm_cid_fork() after the new task becomes
visible in the thread and the task list to prevent this.

This also makes it symmetrical vs. exit() where the task is removed as CID
user before the task is removed from the thread and task lists.
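The ordering problem described above can be replayed with a small user-space model. This is an added example, not kernel code and not part of the original record: the structures, the THRESHOLD value and every function name are assumptions made for illustration, apart from mm_cid_users and sched_mm_cid_fork(), which the description mentions.

```c
#include <stdbool.h>
#include <stdio.h>

/* Simplified model, not kernel code. Names are hypothetical except
 * mm_cid_users and sched_mm_cid_fork(), which the description mentions. */
#define THRESHOLD 2     /* constructed value: user count that triggers the fixup */

struct task { bool has_cid, fixed_up; };
struct mm { int mm_cid_users, nr_visible; struct task *visible[4]; };

static void make_visible(struct mm *mm, struct task *t) { mm->visible[mm->nr_visible++] = t; }

/* Models sched_mm_cid_fork(): account the user, hand out a CID and, at the
 * threshold, fix up the CIDs of tasks that are already on the list. */
static void model_cid_fork(struct mm *mm, struct task *t)
{
    mm->mm_cid_users++;
    t->has_cid = true;
    if (mm->mm_cid_users < THRESHOLD)
        return;
    for (int i = 0; i < mm->nr_visible; i++)
        if (mm->visible[i]->has_cid)
            mm->visible[i]->fixed_up = true;
}

/* Replays the CPU1/CPU2 interleaving; true if tnew1's CID got fixed up. */
static bool tnew1_fixed_up(bool visible_before_accounting)
{
    struct mm mm = {0};
    struct task tnew1 = {0}, tnew2 = {0};

    if (visible_before_accounting)      /* patched order */
        make_visible(&mm, &tnew1);
    model_cid_fork(&mm, &tnew1);        /* CPU1, then preempted */
    if (visible_before_accounting)
        make_visible(&mm, &tnew2);
    model_cid_fork(&mm, &tnew2);        /* CPU2 reaches the threshold */
    return tnew1.fixed_up;              /* original order: the walk never saw tnew1 */
}

int main(void)
{
    printf("original order: tnew1 fixed up = %d\n", tnew1_fixed_up(false));
    printf("patched order:  tnew1 fixed up = %d\n", tnew1_fixed_up(true));
    return 0;
}
```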

Impact