GHSA-9gr8-3pvc-4w93

Опубликовано: 01 апр. 2025

Источник: github

Github: Не прошло ревью

CVSS3: 5.5

Описание

In the Linux kernel, the following vulnerability has been resolved:

sched_ext: Validate prev_cpu in scx_bpf_select_cpu_dfl()

If a BPF scheduler provides an invalid CPU (outside the nr_cpu_ids range) as prev_cpu to scx_bpf_select_cpu_dfl() it can cause a kernel crash.

To prevent this, validate prev_cpu in scx_bpf_select_cpu_dfl() and trigger an scx error if an invalid CPU is specified.

In the Linux kernel, the following vulnerability has been resolved:

sched_ext: Validate prev_cpu in scx_bpf_select_cpu_dfl()

If a BPF scheduler provides an invalid CPU (outside the nr_cpu_ids range) as prev_cpu to scx_bpf_select_cpu_dfl() it can cause a kernel crash.

To prevent this, validate prev_cpu in scx_bpf_select_cpu_dfl() and trigger an scx error if an invalid CPU is specified.

Ссылки

EPSS

Процентиль: 2%

0.00013

Низкий

5.5 Medium

CVSS3

CVE ID

CVE-2025-21965

Дефекты

CWE-476

Связанные уязвимости

CVE-2025-21965

CVSS3: 5.5

ubuntu

7 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: sched_ext: Validate prev_cpu in scx_bpf_select_cpu_dfl() If a BPF scheduler provides an invalid CPU (outside the nr_cpu_ids range) as prev_cpu to scx_bpf_select_cpu_dfl() it can cause a kernel crash. To prevent this, validate prev_cpu in scx_bpf_select_cpu_dfl() and trigger an scx error if an invalid CPU is specified.