{"api_version":"1","generated_at":"2026-07-04T08:54:48+00:00","cve":"CVE-2026-53328","urls":{"html":"https://cve.report/CVE-2026-53328","api":"https://cve.report/api/cve/CVE-2026-53328.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2026-53328","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2026-53328"},"summary":{"title":"sched_ext: Don't warn on NULL cgrp_moving_from in scx_cgroup_move_task()","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nsched_ext: Don't warn on NULL cgrp_moving_from in scx_cgroup_move_task()\n\nA WARN fires when systemd's user manager writes \"+cpu +memory +pids\" to\nits own subtree_control while a sched_ext scheduler is loaded:\n\n  WARNING: at kernel/sched/ext.c:3227 scx_cgroup_move_task+0xa8/0xb0\n   scx_cgroup_move_task+0xa8/0xb0\n   sched_move_task+0x134/0x290\n   cpu_cgroup_attach+0x39/0x70\n   cgroup_migrate_execute+0x37d/0x450\n   cgroup_update_dfl_csses+0x1e3/0x270\n   cgroup_subtree_control_write+0x3e7/0x440\n\nscx_cgroup_can_attach() arms cgrp_moving_from only when a task's cpu\ncgroup changes. It can still be NULL when scx_cgroup_move_task() runs,\nthrough this sequence:\n\n  Step                               Result\n  ---------------------------------  ----------------------------------\n  1. cpu enabled on cgroup G         cpu css = A\n  2. cpu toggled off then on for G   A killed, B created (same cgroup)\n  3. an exiting task keeps A alive   migration skips it, A now stale\n  4. +memory migrates G              stale A vs current B pulls cpu in\n  5. cpu attach runs for all tasks   hits a live, cpu-unchanged task\n  6. scx_cgroup_move_task() on it    cgrp_moving_from NULL -> WARN\n\nThe mismatch is that scx_cgroup_can_attach() keys on cgroup identity\nwhile migration drives the move on css identity, so a NULL cgrp_moving_from\nhere is a legitimate css-only migration, not a missing prep.\n\nThe call is already gated on cgrp_moving_from, so just drop the warning.\nops.cgroup_prep_move() and ops.cgroup_move() stay paired.","state":"PUBLISHED","assigner":"Linux","published_at":"2026-07-01 14:16:40","updated_at":"2026-07-01 14:16:40"},"problem_types":[],"metrics":[],"references":[{"url":"https://git.kernel.org/stable/c/bc75f5951fac4e49d175c4433fc08fb1ec01172f","name":"https://git.kernel.org/stable/c/bc75f5951fac4e49d175c4433fc08fb1ec01172f","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/0ffcad63b19a1cadb475c9f405a93607fdcd0d7c","name":"https://git.kernel.org/stable/c/0ffcad63b19a1cadb475c9f405a93607fdcd0d7c","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/02e545c4297a26dbbc41df81b831e7f605bcd306","name":"https://git.kernel.org/stable/c/02e545c4297a26dbbc41df81b831e7f605bcd306","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/cdff2eb97be147d2ce52ac1327841068781f25dc","name":"https://git.kernel.org/stable/c/cdff2eb97be147d2ce52ac1327841068781f25dc","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-53328","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-53328","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 8195136669661fdfe54e9a8923c33b31c92fc1da cdff2eb97be147d2ce52ac1327841068781f25dc git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 8195136669661fdfe54e9a8923c33b31c92fc1da 0ffcad63b19a1cadb475c9f405a93607fdcd0d7c git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 8195136669661fdfe54e9a8923c33b31c92fc1da bc75f5951fac4e49d175c4433fc08fb1ec01172f git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 8195136669661fdfe54e9a8923c33b31c92fc1da 02e545c4297a26dbbc41df81b831e7f605bcd306 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 6.12","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.12 semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.12.94 6.12.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.18.36 6.18.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 7.0.13 7.0.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 7.1 * original_commit_for_fix","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2026","cve_id":"53328","cve":"CVE-2026-53328","epss":"0.001680000","percentile":"0.063660000","score_date":"2026-07-03","updated_at":"2026-07-04 00:02:18"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"Linux","programFiles":["kernel/sched/ext.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","vendor":"Linux","versions":[{"lessThan":"cdff2eb97be147d2ce52ac1327841068781f25dc","status":"affected","version":"8195136669661fdfe54e9a8923c33b31c92fc1da","versionType":"git"},{"lessThan":"0ffcad63b19a1cadb475c9f405a93607fdcd0d7c","status":"affected","version":"8195136669661fdfe54e9a8923c33b31c92fc1da","versionType":"git"},{"lessThan":"bc75f5951fac4e49d175c4433fc08fb1ec01172f","status":"affected","version":"8195136669661fdfe54e9a8923c33b31c92fc1da","versionType":"git"},{"lessThan":"02e545c4297a26dbbc41df81b831e7f605bcd306","status":"affected","version":"8195136669661fdfe54e9a8923c33b31c92fc1da","versionType":"git"}]},{"defaultStatus":"affected","product":"Linux","programFiles":["kernel/sched/ext.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","vendor":"Linux","versions":[{"status":"affected","version":"6.12"},{"lessThan":"6.12","status":"unaffected","version":"0","versionType":"semver"},{"lessThanOrEqual":"6.12.*","status":"unaffected","version":"6.12.94","versionType":"semver"},{"lessThanOrEqual":"6.18.*","status":"unaffected","version":"6.18.36","versionType":"semver"},{"lessThanOrEqual":"7.0.*","status":"unaffected","version":"7.0.13","versionType":"semver"},{"lessThanOrEqual":"*","status":"unaffected","version":"7.1","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"cpeMatch":[{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.12.94","versionStartIncluding":"6.12","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.18.36","versionStartIncluding":"6.12","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"7.0.13","versionStartIncluding":"6.12","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"7.1","versionStartIncluding":"6.12","vulnerable":true}],"negate":false,"operator":"OR"}]}],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nsched_ext: Don't warn on NULL cgrp_moving_from in scx_cgroup_move_task()\n\nA WARN fires when systemd's user manager writes \"+cpu +memory +pids\" to\nits own subtree_control while a sched_ext scheduler is loaded:\n\n  WARNING: at kernel/sched/ext.c:3227 scx_cgroup_move_task+0xa8/0xb0\n   scx_cgroup_move_task+0xa8/0xb0\n   sched_move_task+0x134/0x290\n   cpu_cgroup_attach+0x39/0x70\n   cgroup_migrate_execute+0x37d/0x450\n   cgroup_update_dfl_csses+0x1e3/0x270\n   cgroup_subtree_control_write+0x3e7/0x440\n\nscx_cgroup_can_attach() arms cgrp_moving_from only when a task's cpu\ncgroup changes. It can still be NULL when scx_cgroup_move_task() runs,\nthrough this sequence:\n\n  Step                               Result\n  ---------------------------------  ----------------------------------\n  1. cpu enabled on cgroup G         cpu css = A\n  2. cpu toggled off then on for G   A killed, B created (same cgroup)\n  3. an exiting task keeps A alive   migration skips it, A now stale\n  4. +memory migrates G              stale A vs current B pulls cpu in\n  5. cpu attach runs for all tasks   hits a live, cpu-unchanged task\n  6. scx_cgroup_move_task() on it    cgrp_moving_from NULL -> WARN\n\nThe mismatch is that scx_cgroup_can_attach() keys on cgroup identity\nwhile migration drives the move on css identity, so a NULL cgrp_moving_from\nhere is a legitimate css-only migration, not a missing prep.\n\nThe call is already gated on cgrp_moving_from, so just drop the warning.\nops.cgroup_prep_move() and ops.cgroup_move() stay paired."}],"providerMetadata":{"dateUpdated":"2026-07-01T13:32:14.030Z","orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux"},"references":[{"url":"https://git.kernel.org/stable/c/cdff2eb97be147d2ce52ac1327841068781f25dc"},{"url":"https://git.kernel.org/stable/c/0ffcad63b19a1cadb475c9f405a93607fdcd0d7c"},{"url":"https://git.kernel.org/stable/c/bc75f5951fac4e49d175c4433fc08fb1ec01172f"},{"url":"https://git.kernel.org/stable/c/02e545c4297a26dbbc41df81b831e7f605bcd306"}],"title":"sched_ext: Don't warn on NULL cgrp_moving_from in scx_cgroup_move_task()","x_generator":{"engine":"bippy-1.2.0"}}},"cveMetadata":{"assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","assignerShortName":"Linux","cveId":"CVE-2026-53328","datePublished":"2026-07-01T13:32:14.030Z","dateReserved":"2026-06-09T07:44:35.398Z","dateUpdated":"2026-07-01T13:32:14.030Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-07-01 14:16:40","lastModifiedDate":"2026-07-01 14:16:40","problem_types":[],"metrics":[],"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"53328","Ordinal":"1","Title":"sched_ext: Don't warn on NULL cgrp_moving_from in scx_cgroup_mov","CVE":"CVE-2026-53328","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"53328","Ordinal":"1","NoteData":"In the Linux kernel, the following vulnerability has been resolved:\n\nsched_ext: Don't warn on NULL cgrp_moving_from in scx_cgroup_move_task()\n\nA WARN fires when systemd's user manager writes \"+cpu +memory +pids\" to\nits own subtree_control while a sched_ext scheduler is loaded:\n\n  WARNING: at kernel/sched/ext.c:3227 scx_cgroup_move_task+0xa8/0xb0\n   scx_cgroup_move_task+0xa8/0xb0\n   sched_move_task+0x134/0x290\n   cpu_cgroup_attach+0x39/0x70\n   cgroup_migrate_execute+0x37d/0x450\n   cgroup_update_dfl_csses+0x1e3/0x270\n   cgroup_subtree_control_write+0x3e7/0x440\n\nscx_cgroup_can_attach() arms cgrp_moving_from only when a task's cpu\ncgroup changes. It can still be NULL when scx_cgroup_move_task() runs,\nthrough this sequence:\n\n  Step                               Result\n  ---------------------------------  ----------------------------------\n  1. cpu enabled on cgroup G         cpu css = A\n  2. cpu toggled off then on for G   A killed, B created (same cgroup)\n  3. an exiting task keeps A alive   migration skips it, A now stale\n  4. +memory migrates G              stale A vs current B pulls cpu in\n  5. cpu attach runs for all tasks   hits a live, cpu-unchanged task\n  6. scx_cgroup_move_task() on it    cgrp_moving_from NULL -> WARN\n\nThe mismatch is that scx_cgroup_can_attach() keys on cgroup identity\nwhile migration drives the move on css identity, so a NULL cgrp_moving_from\nhere is a legitimate css-only migration, not a missing prep.\n\nThe call is already gated on cgrp_moving_from, so just drop the warning.\nops.cgroup_prep_move() and ops.cgroup_move() stay paired.","Type":"Description","Title":"sched_ext: Don't warn on NULL cgrp_moving_from in scx_cgroup_mov"}]}}}