HOMEVULNERABILITIESCVE-2026-53328
NONE

CVE-2026-53328

Published: July 1, 2026· Updated: Jul 1, 2026

EPSS:0.17%probability of exploitation in 30 daysPercentile:6.4th

Official Description

In the Linux kernel, the following vulnerability has been resolved:

sched_ext: Don't warn on NULL cgrp_moving_from in scx_cgroup_move_task()

A WARN fires when systemd's user manager writes "+cpu +memory +pids" to

its own subtree_control while a sched_ext scheduler is loaded:

WARNING: at kernel/sched/ext.c:3227 scx_cgroup_move_task+0xa8/0xb0

scx_cgroup_move_task+0xa8/0xb0

sched_move_task+0x134/0x290

cpu_cgroup_attach+0x39/0x70

cgroup_migrate_execute+0x37d/0x450

cgroup_update_dfl_csses+0x1e3/0x270

cgroup_subtree_control_write+0x3e7/0x440

scx_cgroup_can_attach() arms cgrp_moving_from only when a task's cpu

cgroup changes. It can still be NULL when scx_cgroup_move_task() runs,

through this sequence:

Step Result

--------------------------------- ----------------------------------

1. cpu enabled on cgroup G cpu css = A

2. cpu toggled off then on for G A killed, B created (same cgroup)

3. an exiting task keeps A alive migration skips it, A now stale

4. +memory migrates G stale A vs current B pulls cpu in

5. cpu attach runs for all tasks hits a live, cpu-unchanged task

6. scx_cgroup_move_task() on it cgrp_moving_from NULL -> WARN

The mismatch is that scx_cgroup_can_attach() keys on cgroup identity

while migration drives the move on css identity, so a NULL cgrp_moving_from

here is a legitimate css-only migration, not a missing prep.

The call is already gated on cgrp_moving_from, so just drop the warning.

ops.cgroup_prep_move() and ops.cgroup_move() stay paired.

NVD Source

Technical Analysis

CVE-2026-53328 requires local access, meaning attackers must already have a foothold on the target system.

Exploitation requires some privileges, which limits the exposure to scenarios where an attacker has already gained initial access.

Affected Vendors & Products

Mentioned vendors (from description):
Linux
CPE data not yet available in NVD for this CVE.

Exploit & PoC Resources

NO KNOWN EXPLOITNo public exploit confirmed at this time
External links open in a new tab. Always verify in a controlled environment before use.

All References (4)

Quick Facts

CVE IDCVE-2026-53328
SeverityNONE
CISA KEVNo
EPSS (30d)0.17%
PublishedJul 1, 2026

Recommended Actions

  • Apply vendor patches immediately
  • Monitor CVE-2026-53328 in threat intel feeds
  • Review IDS/IPS signatures for exploitation attempts
Data sourced from NVD (NIST), CISA KEV, and EPSS (FIRST). Analysis generated by CTIWATCH.COM. CVE data is provided under the NVD usage policy.