HOMEVULNERABILITIESCVE-2026-52980
NONE

CVE-2026-52980

Published: June 24, 2026· Updated: Jun 24, 2026

EPSS:0.17%probability of exploitation in 30 daysPercentile:6.3th

Official Description

In the Linux kernel, the following vulnerability has been resolved:

sched/fair: Clear rel_deadline when initializing forked entities

A yield-triggered crash can happen when a newly forked sched_entity

enters the fair class with se->rel_deadline unexpectedly set.

The failing sequence is:

1. A task is forked while se->rel_deadline is still set.

2. __sched_fork() initializes vruntime, vlag and other sched_entity

state, but does not clear rel_deadline.

3. On the first enqueue, enqueue_entity() calls place_entity().

4. Because se->rel_deadline is set, place_entity() treats se->deadline

as a relative deadline and converts it to an absolute deadline by

adding the current vruntime.

5. However, the forked entity's deadline is not a valid inherited

relative deadline for this new scheduling instance, so the conversion

produces an abnormally large deadline.

6. If the task later calls sched_yield(), yield_task_fair() advances

se->vruntime to se->deadline.

7. The inflated vruntime is then used by the following enqueue path,

where the vruntime-derived key can overflow when multiplied by the

entity weight.

8. This corrupts cfs_rq->sum_w_vruntime, breaks EEVDF eligibility

calculation, and can eventually make all entities appear ineligible.

pick_next_entity() may then return NULL unexpectedly, leading to a

later NULL dereference.

A captured trace shows the effect clearly. Before yield, the entity's

vruntime was around:

9834017729983308

After yield_task_fair() executed:

se->vruntime = se->deadline

the vruntime jumped to:

19668035460670230

and the deadline was later advanced further to:

19668035463470230

This shows that the deadline had already become abnormally large before

yield_task_fair() copied it into vruntime.

rel_deadline is only meaningful when se->deadline really carries a

relative deadline that still needs to be placed against vruntime. A

freshly forked sched_entity should not inherit or retain this state.

Clear se->rel_deadline in __sched_fork(), together with the other

sched_entity runtime state, so that the first enqueue does not interpret

the new entity's deadline as a stale relative deadline.

NVD Source

Technical Analysis

CVE-2026-52980 requires local access, meaning attackers must already have a foothold on the target system.

Exploitation requires some privileges, which limits the exposure to scenarios where an attacker has already gained initial access.

Affected Vendors & Products

Mentioned vendors (from description):
Linux
CPE data not yet available in NVD for this CVE.

Exploit & PoC Resources

NO KNOWN EXPLOITNo public exploit confirmed at this time
External links open in a new tab. Always verify in a controlled environment before use.

All References (4)

Quick Facts

CVE IDCVE-2026-52980
SeverityNONE
CISA KEVNo
EPSS (30d)0.17%
PublishedJun 24, 2026

Recommended Actions

  • Apply vendor patches immediately
  • Monitor CVE-2026-52980 in threat intel feeds
  • Review IDS/IPS signatures for exploitation attempts
Data sourced from NVD (NIST), CISA KEV, and EPSS (FIRST). Analysis generated by CTIWATCH.COM. CVE data is provided under the NVD usage policy.