CVE-2026-45919
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
27/05/2026
Last modified:
24/06/2026
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
sched/rt: Skip currently executing CPU in rto_next_cpu()<br />
<br />
CPU0 becomes overloaded when hosting a CPU-bound RT task, a non-CPU-bound<br />
RT task, and a CFS task stuck in kernel space. When other CPUs switch from<br />
RT to non-RT tasks, RT load balancing (LB) is triggered; with<br />
HAVE_RT_PUSH_IPI enabled, they send IPIs to CPU0 to drive the execution<br />
of rto_push_irq_work_func. During push_rt_task on CPU0,<br />
if next_task->prio donor->prio, resched_curr() sets NEED_RESCHED<br />
and after the push operation completes, CPU0 calls rto_next_cpu().<br />
Since only CPU0 is overloaded in this scenario, rto_next_cpu() should<br />
ideally return -1 (no further IPI needed).<br />
<br />
However, multiple CPUs invoking tell_cpu_to_push() during LB increments<br />
rd->rto_loop_next. Even when rd->rto_cpu is set to -1, the mismatch between<br />
rd->rto_loop and rd->rto_loop_next forces rto_next_cpu() to restart its<br />
search from -1. With CPU0 remaining overloaded (satisfying rt_nr_migratory<br />
&& rt_nr_total > 1), it gets reselected, causing CPU0 to queue irq_work to<br />
itself and send self-IPIs repeatedly. As long as CPU0 stays overloaded and<br />
other CPUs run pull_rt_tasks(), it falls into an infinite self-IPI loop,<br />
which triggers a CPU hardlockup due to continuous self-interrupts.<br />
<br />
The trigging scenario is as follows:<br />
<br />
cpu0 cpu1 cpu2<br />
pull_rt_task<br />
tell_cpu_to_push<br />
Impact
Base Score 3.x
5.50
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.4.103 (including) | 4.5 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.9.66 (including) | 4.10 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.14.3 (including) | 5.10.252 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.11 (including) | 5.15.202 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.16 (including) | 6.1.165 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.2 (including) | 6.6.128 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.7 (including) | 6.12.75 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.13 (including) | 6.18.14 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.19 (including) | 6.19.4 (excluding) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/16ca9f3117e9a294646c897daf08a5ab546c711b
- https://git.kernel.org/stable/c/3b3c672a66db3de3b40f8a7057864bc1f874ede3
- https://git.kernel.org/stable/c/52aeb1e07ec223caf212f036817976c98d2aa250
- https://git.kernel.org/stable/c/8ad5577b2d4acfd83f03d97a0aece2d18aac5f07
- https://git.kernel.org/stable/c/94894c9c477e53bcea052e075c53f89df3d2a33e
- https://git.kernel.org/stable/c/9f25edc5a20cb52a5abbf25f0724bb4732b81801
- https://git.kernel.org/stable/c/a6a73403733e86748421f2eeaf028c85683ef896
- https://git.kernel.org/stable/c/d57d0746276a88ea43a2cc62b849fd8a95e32e41



