CVE-2026-45919
CVSS v3.1 severity:
MEDIUM
Type:
Not available / Other type
Publication date:
27/05/2026
Last modified:
24/06/2026
Description
In the Linux kernel, the following vulnerability has been resolved:

sched/rt: Skip currently executing CPU in rto_next_cpu()

CPU0 becomes overloaded when hosting a CPU-bound RT task, a non-CPU-bound
RT task, and a CFS task stuck in kernel space. When other CPUs switch from
RT to non-RT tasks, RT load balancing (LB) is triggered; with
HAVE_RT_PUSH_IPI enabled, they send IPIs to CPU0 to drive the execution
of rto_push_irq_work_func. During push_rt_task on CPU0,
if next_task->prio donor->prio, resched_curr() sets NEED_RESCHED
and after the push operation completes, CPU0 calls rto_next_cpu().
Since only CPU0 is overloaded in this scenario, rto_next_cpu() should
ideally return -1 (no further IPI needed).

However, multiple CPUs invoking tell_cpu_to_push() during LB increments
rd->rto_loop_next. Even when rd->rto_cpu is set to -1, the mismatch between
rd->rto_loop and rd->rto_loop_next forces rto_next_cpu() to restart its
search from -1. With CPU0 remaining overloaded (satisfying rt_nr_migratory
&& rt_nr_total > 1), it gets reselected, causing CPU0 to queue irq_work to
itself and send self-IPIs repeatedly. As long as CPU0 stays overloaded and
other CPUs run pull_rt_tasks(), it falls into an infinite self-IPI loop,
which triggers a CPU hardlockup due to continuous self-interrupts.

The triggering scenario is as follows:

cpu0 cpu1 cpu2
pull_rt_task
tell_cpu_to_push
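To make the loop in the description concrete, the following is a simplified user-space C model, added here as an example and not taken from the kernel source or the fix commits. The struct layout, `mask_next()`, `rto_next_cpu_model()`, `self_ipis()` and the `skip_self` switch are assumptions of the model; only the field names come from the description.

```c
#include <stdio.h>
#define NR_CPUS 3

struct rd_model {                          /* user-space model, not kernel source */
    unsigned rto_mask;                     /* bit n set: CPU n is RT-overloaded */
    int rto_cpu, rto_loop, rto_loop_next;  /* scan cursor and loop generations */
};

/* Next set bit above prev, or NR_CPUS if none (stands in for cpumask_next()). */
static int mask_next(int prev, unsigned mask)
{
    for (prev++; prev < NR_CPUS && !(mask & (1u << prev)); prev++)
        ;
    return prev;
}

/* Model of rto_next_cpu(); skip_self=1 models the fix named in the title. */
static int rto_next_cpu_model(struct rd_model *rd, int this_cpu, int skip_self)
{
    for (;;) {
        int cpu = rd->rto_cpu = mask_next(rd->rto_cpu, rd->rto_mask);
        if (skip_self && cpu == this_cpu)
            continue;                      /* never pick the CPU running the scan */
        if (cpu < NR_CPUS)
            return cpu;
        rd->rto_cpu = -1;
        if (rd->rto_loop == rd->rto_loop_next)
            return -1;                     /* no new push request: stop */
        rd->rto_loop = rd->rto_loop_next;  /* new request: rescan from -1 */
    }
}

/* Constructed scenario: only CPU0 overloaded, other CPUs keep requesting pushes. */
static int self_ipis(int skip_self, int rounds)
{
    struct rd_model rd = { .rto_mask = 1u << 0, .rto_cpu = -1 };
    int count = 0;
    for (int i = 0; i < rounds; i++) {
        rd.rto_loop_next++;                /* models one tell_cpu_to_push() */
        if (rto_next_cpu_model(&rd, 0, skip_self) == 0)
            count++;                       /* CPU0 would send an IPI to itself */
    }
    return count;
}

int main(void)
{
    printf("self-IPIs: unfixed=%d fixed=%d\n", self_ipis(0, 1000), self_ipis(1, 1000));
    return 0;
}
```

In the model, every push request from another CPU makes the unfixed scan hand CPU0 back to itself, while the scan that skips the executing CPU returns -1 and still selects other overloaded CPUs when there are any.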
Impact
Base score 3.x
5.50
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.4.103 (including) | 4.5 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.9.66 (including) | 4.10 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.14.3 (including) | 5.10.252 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.11 (including) | 5.15.202 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.16 (including) | 6.1.165 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.2 (including) | 6.6.128 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.7 (including) | 6.12.75 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.13 (including) | 6.18.14 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.19 (including) | 6.19.4 (excluding) |
References to solutions, tools and information
- https://git.kernel.org/stable/c/16ca9f3117e9a294646c897daf08a5ab546c711b
- https://git.kernel.org/stable/c/3b3c672a66db3de3b40f8a7057864bc1f874ede3
- https://git.kernel.org/stable/c/52aeb1e07ec223caf212f036817976c98d2aa250
- https://git.kernel.org/stable/c/8ad5577b2d4acfd83f03d97a0aece2d18aac5f07
- https://git.kernel.org/stable/c/94894c9c477e53bcea052e075c53f89df3d2a33e
- https://git.kernel.org/stable/c/9f25edc5a20cb52a5abbf25f0724bb4732b81801
- https://git.kernel.org/stable/c/a6a73403733e86748421f2eeaf028c85683ef896
- https://git.kernel.org/stable/c/d57d0746276a88ea43a2cc62b849fd8a95e32e41



