Description
In the Linux kernel, the following vulnerability has been resolved: ipvs: clear the svc scheduler ptr early on edit ip_vs_edit_service() while unbinding the old scheduler clears the svc->scheduler ptr after the scheduler module initiates RCU callbacks. This can cause packets to use the old scheduler at the time when svc->sched_data is already freed after RCU grace period. Fix it by clearing the ptr early in ip_vs_unbind_scheduler(), before the done_service method schedules any RCU callbacks. Also, if the new scheduler fails to initialize when replacing the old scheduler, try to restore the old scheduler while still returning the error code.
References (8)
Core 8
Core References
Scores
CVSS v3
7.8
EPSS
0.0013
EPSS Percentile
3.0%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
Status
published
Products (32)
linux/Kernel
4.2.0 - 5.10.259linux
linux/Kernel
5.11.0 - 5.15.210linux
linux/Kernel
5.16.0 - 6.1.176linux
linux/Kernel
6.13.0 - 6.18.36linux
linux/Kernel
6.19.0 - 7.0.13linux
linux/Kernel
6.2.0 - 6.6.143linux
linux/Kernel
6.7.0 - 6.12.94linux
Linux/Linux
< 4.2
Linux/Linux
05f00505a89acd21f5d0d20f5797dfbc4cf85243 - 14e4689c113b4c06af1069364ade24fdd7055f33
Linux/Linux
05f00505a89acd21f5d0d20f5797dfbc4cf85243 - 193989cc6d80dd8e0460fb3992e69fa03bf0ff9b
... and 22 more
Published
Jun 25, 2026
Tracked Since
Jun 25, 2026