Linux Kernel Cgroup Cpuset Vulnerability Leading to System Panic

Vulnerability

A vulnerability in the Linux kernel's cgroup cpuset management has been addressed. The issue arose because the validation process in 'update_parent_subparts_cpumask()' incorrectly assessed whether a partition could utilize all CPUs from its parent cpuset. This flaw allowed a parent cpuset to be left with no effective CPUs available, even when tasks were present, potentially causing a system panic. The vulnerability has been fixed by correcting the validation check to ensure that a parent's effective CPUs are not a subset of the child's allowed CPUs. Additionally, the error code is now recorded when issues occur in 'update_prstate()', and a test case has been added to verify this fix.

Impact

Exploitation of this vulnerability could lead to a system panic, causing a denial of service by crashing the system.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.0

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.0

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel Cgroup Cpuset Vulnerability Leading to System Panic

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating