{
  "affected": [
    {
      "ranges": [
        {
          "events": [
            {
              "introduced": "8195136669661fdfe54e9a8923c33b31c92fc1da"
            },
            {
              "fixed": "cdff2eb97be147d2ce52ac1327841068781f25dc"
            },
            {
              "fixed": "0ffcad63b19a1cadb475c9f405a93607fdcd0d7c"
            },
            {
              "fixed": "bc75f5951fac4e49d175c4433fc08fb1ec01172f"
            },
            {
              "fixed": "02e545c4297a26dbbc41df81b831e7f605bcd306"
            }
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "type": "GIT"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Linux",
        "name": "Kernel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "6.12.0"
            },
            {
              "fixed": "6.12.94"
            }
          ],
          "type": "ECOSYSTEM"
        },
        {
          "events": [
            {
              "introduced": "6.13.0"
            },
            {
              "fixed": "6.18.36"
            }
          ],
          "type": "ECOSYSTEM"
        },
        {
          "events": [
            {
              "introduced": "6.19.0"
            },
            {
              "fixed": "7.0.13"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "database_specific": {
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/53xxx/CVE-2026-53328.json"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nsched_ext: Don't warn on NULL cgrp_moving_from in scx_cgroup_move_task()\n\nA WARN fires when systemd's user manager writes \"+cpu +memory +pids\" to\nits own subtree_control while a sched_ext scheduler is loaded:\n\n  WARNING: at kernel/sched/ext.c:3227 scx_cgroup_move_task+0xa8/0xb0\n   scx_cgroup_move_task+0xa8/0xb0\n   sched_move_task+0x134/0x290\n   cpu_cgroup_attach+0x39/0x70\n   cgroup_migrate_execute+0x37d/0x450\n   cgroup_update_dfl_csses+0x1e3/0x270\n   cgroup_subtree_control_write+0x3e7/0x440\n\nscx_cgroup_can_attach() arms cgrp_moving_from only when a task's cpu\ncgroup changes. It can still be NULL when scx_cgroup_move_task() runs,\nthrough this sequence:\n\n  Step                               Result\n  ---------------------------------  ----------------------------------\n  1. cpu enabled on cgroup G         cpu css = A\n  2. cpu toggled off then on for G   A killed, B created (same cgroup)\n  3. an exiting task keeps A alive   migration skips it, A now stale\n  4. +memory migrates G              stale A vs current B pulls cpu in\n  5. cpu attach runs for all tasks   hits a live, cpu-unchanged task\n  6. scx_cgroup_move_task() on it    cgrp_moving_from NULL -\u003e WARN\n\nThe mismatch is that scx_cgroup_can_attach() keys on cgroup identity\nwhile migration drives the move on css identity, so a NULL cgrp_moving_from\nhere is a legitimate css-only migration, not a missing prep.\n\nThe call is already gated on cgrp_moving_from, so just drop the warning.\nops.cgroup_prep_move() and ops.cgroup_move() stay paired.",
  "id": "CVE-2026-53328",
  "modified": "2026-07-08T05:37:17.272272559Z",
  "published": "2026-07-01T13:32:14.030Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/02e545c4297a26dbbc41df81b831e7f605bcd306"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0ffcad63b19a1cadb475c9f405a93607fdcd0d7c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/bc75f5951fac4e49d175c4433fc08fb1ec01172f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/cdff2eb97be147d2ce52ac1327841068781f25dc"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/53xxx/CVE-2026-53328.json"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-53328"
    },
    {
      "type": "PACKAGE",
      "url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"
    }
  ],
  "schema_version": "1.7.5",
  "summary": "sched_ext: Don't warn on NULL cgrp_moving_from in scx_cgroup_move_task()"
}