cve-2026-23371

CVE-2026-23371 is a Linux kernel scheduler vulnerability in the SCHED_DEADLINE code path, specifically related to a missing ENQUEUE_REPLENISH flag during priority inheritance (PI) de-boosting. This flaw can corrupt bandwidth accounting, potentially triggering kernel warnings such as a running_bw underflow. The issue arises when a task that was deadline-boosted is demoted to a lower priority class while still holding a mutex, causing the scheduler to lose track of bookkeeping state. While not a classic crash-and-exploit vulnerability, it highlights fragility in deadline scheduling under priority inheritance. Discussions on WindowsForum cover the technical details, implications for system stability, and potential mitigations for affected Linux systems.