Description
In the Linux kernel, the following vulnerability has been resolved: sched_ext: Remove redundant css_put() in scx_cgroup_init() The iterator css_for_each_descendant_pre() walks the cgroup hierarchy under cgroup_lock(). It does not increment the reference counts on yielded css structs. According to the cgroup documentation, css_put() should only be used to release a reference obtained via css_get() or css_tryget_online(). Since the iterator does not use either of these to acquire a reference, calling css_put() in the error path of scx_cgroup_init() causes a refcount underflow. Remove the unbalanced css_put() to prevent a potential Use-After-Free (UAF) vulnerability.
Product status
8195136669661fdfe54e9a8923c33b31c92fc1da (git) before cc095cd305fddbe25a968e4a78436ff9476cf0f6
8195136669661fdfe54e9a8923c33b31c92fc1da (git) before 6eaaa67d6998f6c30c462b140db8c062e07ec473
8195136669661fdfe54e9a8923c33b31c92fc1da (git) before bf50f3285eda8a0173625fcdb5f183f96e1008cd
8195136669661fdfe54e9a8923c33b31c92fc1da (git) before 1336b579f6079fb8520be03624fcd9ba443c930b
6.12
Any version before 6.12
6.12.78 (semver)
6.18.19 (semver)
6.19.9 (semver)
7.0 (original_commit_for_fix)
References
git.kernel.org/...c/cc095cd305fddbe25a968e4a78436ff9476cf0f6
git.kernel.org/...c/6eaaa67d6998f6c30c462b140db8c062e07ec473
git.kernel.org/...c/bf50f3285eda8a0173625fcdb5f183f96e1008cd
git.kernel.org/...c/1336b579f6079fb8520be03624fcd9ba443c930b