In the Linux kernel, the following vulnerability has been resolved: sched_ext: Remove redundant css_put() in scx_cgroup_init() The iterator css_for_each_descendant_pre() walks the cgroup hierarchy under cgroup_lock(). It does not increment the reference counts on yielded css structs. According to the cgroup documentation, css_put() should only be used to release a reference obtained via css_get() or css_tryget_online(). Since the iterator does not use either of these to acquire a reference, calling css_put() in the error path of scx_cgroup_init() causes a refcount underflow. Remove the unbalanced css_put() to prevent a potential Use-After-Free (UAF) vulnerability.

A flaw was found in the Linux kernel's sched_ext component. This vulnerability is caused by a redundant `css_put()` call in the `scx_cgroup_init()` function, leading to a reference count underflow. This can result in a Use-After-Free (UAF) vulnerability, potentially allowing a local attacker to cause a denial of service or achieve privilege escalation.

Red Hat Enterprise Linux 10 Not affected kernel Red Hat Enterprise Linux 6 Not affected kernel Red Hat Enterprise Linux 7 Not affected kernel Red Hat Enterprise Linux 7 Not affected kernel-rt Red Hat Enterprise Linux 8 Not affected kernel Red Hat Enterprise Linux 8 Not affected kernel-rt Red Hat Enterprise Linux 9 Not affected kernel Red Hat Enterprise Linux 9 Not affected kernel-rt https://www.cve.org/CVERecord?id=CVE-2026-43438 https://nvd.nist.gov/vuln/detail/CVE-2026-43438 https://lore.kernel.org/linux-cve-announce/2026050853-CVE-2026-43438-f2f2@gregkh/T