In the Linux kernel, the following vulnerability has been resolved: sched/fair: Fix potential memory corruption in childcfsrqonlist childcfsrqonlist attempts to convert a 'prev' pointer to a cfsrq. This 'prev' pointer can originate from struct rq's leafcfsrqlist, making the conversion invalid and potentially leading to memory corruption. Depending on the relative positions of leafcfsrqlist and the task group (tg) pointer within the struct, this can cause a memory fault or access garbage data. The issue arises in listaddleafcfsrq, where both cfsrq->leafcfsrqlist and rq->leafcfsrqlist are added to the same leaf list. Also, rq->tmpalonebranch can be set to rq->leafcfsrqlist. This adds a check if (prev == &rq->leaf_cfs_rq_list)
after the main conditional in childcfsrqonlist. This ensures that the containerof operation will convert a correct cfsrq struct. This check is sufficient because only cfsrqs on the same CPU are added to the list, so verifying the 'prev' pointer against the current rq's list head is enough. Fixes a potential memory corruption issue that due to current struct layout might not be manifesting as a crash but could lead to unpredictable behavior when the layout changes.