CVE-2026-23371Incomplete Internal State Distinction in Linux

CWE-372Incomplete Internal State Distinction8 documents7 sources
Severity
4.7MEDIUM
No vector
EPSS
0.0%
top 93.52%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
LinuxLinux KernelDebian Linux+1 more
Timeline
PublishedMar 25

Description

In the Linux kernel, the following vulnerability has been resolved: sched/deadline: Fix missing ENQUEUE_REPLENISH during PI de-boosting Running stress-ng --schedpolicy 0 on an RT kernel on a big machine might lead to the following WARNINGs (edited). sched: DL de-boosted task PID 22725: REPLENISH flag missing WARNING: CPU: 93 PID: 0 at kernel/sched/deadline.c:239 dequeue_task_dl+0x15c/0x1f8 ... (running_bw underflow) Call trace: dequeue_task_dl+0x15c/0x1f8 (P) dequeue_task+0x80/0x168 deactiva

Affected Packages5 packages

Linuxlinux/linux_kernel5.10.06.19.7
Debianlinux/linux_kernel< 6.19.8-1
CVEListV5linux/linux2279f540ea7d05f22d2f0c4224319330228586bcba1c22924ddcc280672a2a06a9ca99ee3a1b92c3+4
debiandebian/linux< linux 6.19.8-1 (forky)

🔴Vulnerability Details

3
OSV
sched/deadline: Fix missing ENQUEUE_REPLENISH during PI de-boosting2026-03-25
OSV
CVE-2026-23371: In the Linux kernel, the following vulnerability has been resolved: sched/deadline: Fix missing ENQUEUE_REPLENISH during PI de-boosting Running stress2026-03-25
GHSA
GHSA-55fv-ccjv-2hr3: In the Linux kernel, the following vulnerability has been resolved: sched/deadline: Fix missing ENQUEUE_REPLENISH during PI de-boosting Running stre2026-03-25

📋Vendor Advisories

3
Red Hat
kernel: sched/deadline: Fix missing ENQUEUE_REPLENISH during PI de-boosting2026-03-25
Microsoft
sched/deadline: Fix missing ENQUEUE_REPLENISH during PI de-boosting2026-03-10
Debian
CVE-2026-23371: linux - In the Linux kernel, the following vulnerability has been resolved: sched/deadl...2026

🕵️Threat Intelligence

1
Wiz
CVE-2026-23371 Impact, Exploitability, and Mitigation Steps | Wiz