Integer Overflow or Wraparound Affecting rv package, versions *
Threat Intelligence
The probability is the direct output of the EPSS model, and conveys an overall sense of the threat of exploitation in the wild. The percentile measures the EPSS probability relative to all known EPSS scores. Note: This data is updated daily, relying on the latest available EPSS model version. Check out the EPSS documentation for more details.
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk IDSNYK-CENTOS10-RV-17610411
- published27 Jun 2026
- disclosed24 Jun 2026
Introduced: 24 Jun 2026
NewCVE-2026-52980 (opens in a new tab)How to fix?
There is no fixed version for Centos:10 rv.
NVD Description
Note: Versions mentioned in the description apply only to the upstream rv package and not the rv package as distributed by Centos.
See How to fix? for Centos:10 relevant fixed versions and status.
In the Linux kernel, the following vulnerability has been resolved:
sched/fair: Clear rel_deadline when initializing forked entities
A yield-triggered crash can happen when a newly forked sched_entity enters the fair class with se->rel_deadline unexpectedly set.
The failing sequence is:
- A task is forked while se->rel_deadline is still set.
- __sched_fork() initializes vruntime, vlag and other sched_entity state, but does not clear rel_deadline.
- On the first enqueue, enqueue_entity() calls place_entity().
- Because se->rel_deadline is set, place_entity() treats se->deadline as a relative deadline and converts it to an absolute deadline by adding the current vruntime.
- However, the forked entity's deadline is not a valid inherited relative deadline for this new scheduling instance, so the conversion produces an abnormally large deadline.
- If the task later calls sched_yield(), yield_task_fair() advances se->vruntime to se->deadline.
- The inflated vruntime is then used by the following enqueue path, where the vruntime-derived key can overflow when multiplied by the entity weight.
- This corrupts cfs_rq->sum_w_vruntime, breaks EEVDF eligibility calculation, and can eventually make all entities appear ineligible. pick_next_entity() may then return NULL unexpectedly, leading to a later NULL dereference.
A captured trace shows the effect clearly. Before yield, the entity's vruntime was around:
9834017729983308
After yield_task_fair() executed:
se->vruntime = se->deadline
the vruntime jumped to:
19668035460670230
and the deadline was later advanced further to:
19668035463470230
This shows that the deadline had already become abnormally large before yield_task_fair() copied it into vruntime.
rel_deadline is only meaningful when se->deadline really carries a relative deadline that still needs to be placed against vruntime. A freshly forked sched_entity should not inherit or retain this state. Clear se->rel_deadline in __sched_fork(), together with the other sched_entity runtime state, so that the first enqueue does not interpret the new entity's deadline as a stale relative deadline.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=2492340
- https://access.redhat.com/security/cve/CVE-2026-52980
- https://git.kernel.org/stable/c/3da56dc063cd77b9c0b40add930767fab4e389f3
- https://git.kernel.org/stable/c/8f4a16200785f49cf02c5b71bdfe7a9dab63f23a
- https://git.kernel.org/stable/c/c71bf35caba12bfd9bc23e32b0bcd9e02d1cf1ac
- https://git.kernel.org/stable/c/f3c16e1f4a314a20717ab90a41885f8111a242ab