CVE-2025-38012 | THREATINT

We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

Description

In the Linux kernel, the following vulnerability has been resolved: sched_ext: bpf_iter_scx_dsq_new() should always initialize iterator BPF programs may call next() and destroy() on BPF iterators even after new() returns an error value (e.g. bpf_for_each() macro ignores error returns from new()). bpf_iter_scx_dsq_new() could leave the iterator in an uninitialized state after an error return causing bpf_iter_scx_dsq_next() to dereference garbage data. Make bpf_iter_scx_dsq_new() always clear $kit->dsq so that next() and destroy() become noops.

Reserved 2025-04-16 | Published 2025-06-18 | Updated 2025-06-18 | Assigner Linux

Product status

Default status

unaffected

650ba21b131ed1f8ee57826b2c6295a3be221132 before 0102989af4c334d1d98b2a0fd4d61a5152e39b72

affected

650ba21b131ed1f8ee57826b2c6295a3be221132 before 255dd31bfc4a67a19b1fc2cd130a50284dadfe3a

affected

650ba21b131ed1f8ee57826b2c6295a3be221132 before 428dc9fc0873989d73918d4a9cc22745b7bbc799

affected

Default status

affected

6.12

affected

Any version before 6.12

unaffected

6.12.30

unaffected

6.14.8

unaffected

6.15

unaffected

References

git.kernel.org/...c/0102989af4c334d1d98b2a0fd4d61a5152e39b72

git.kernel.org/...c/255dd31bfc4a67a19b1fc2cd130a50284dadfe3a

git.kernel.org/...c/428dc9fc0873989d73918d4a9cc22745b7bbc799

cve.org (CVE-2025-38012)

nvd.nist.gov (CVE-2025-38012)

Download JSON

https://cve.threatint.eu/CVE/CVE-2025-38012

Support options

Helpdesk Chat, Email, Knowledgebase