CVE-2025-39780

EPSS 0.02%
Veröffentlicht 11.09.2025 16:56:31
Zuletzt bearbeitet 15.09.2025 15:22:38
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
Teams Watchlist Login
Unerledigt Login

In the Linux kernel, the following vulnerability has been resolved:

sched/ext: Fix invalid task state transitions on class switch

When enabling a sched_ext scheduler, we may trigger invalid task state
transitions, resulting in warnings like the following (which can be
easily reproduced by running the hotplug selftest in a loop):

 sched_ext: Invalid task state transition 0 -> 3 for fish[770]
 WARNING: CPU: 18 PID: 787 at kernel/sched/ext.c:3862 scx_set_task_state+0x7c/0xc0
 ...
 RIP: 0010:scx_set_task_state+0x7c/0xc0
 ...
 Call Trace:
  <TASK>
  scx_enable_task+0x11f/0x2e0
  switching_to_scx+0x24/0x110
  scx_enable.isra.0+0xd14/0x13d0
  bpf_struct_ops_link_create+0x136/0x1a0
  __sys_bpf+0x1edd/0x2c30
  __x64_sys_bpf+0x21/0x30
  do_syscall_64+0xbb/0x370
  entry_SYSCALL_64_after_hwframe+0x77/0x7f

This happens because we skip initialization for tasks that are already
dead (with their usage counter set to zero), but we don't exclude them
during the scheduling class transition phase.

Fix this by also skipping dead tasks during class swiching, preventing
invalid task state transitions.

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 6

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < 786f6314604b34c3e7de5f733f4e08e35c448a50

Version a8532fac7b5d27b8d62008a89593dccb6f9786ef

Status affected

Version < 6a32cbe95029ebe21cc08349fd7ef2a3d32d2043

Version a8532fac7b5d27b8d62008a89593dccb6f9786ef

Status affected

Version < ddf7233fcab6c247379d0928d46cc316ee122229

Version a8532fac7b5d27b8d62008a89593dccb6f9786ef

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 6.12

Status affected

Version < 6.12

Version 0

Status unaffected

Version <= 6.12.*

Version 6.12.44

Status unaffected

Version <= 6.16.*

Version 6.16.4

Status unaffected

Version <= *

Version 6.17-rc3

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.042

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

https://git.kernel.org/stable/c/786f6314604b34c3e7de5f733f4e08e35c448a50

https://git.kernel.org/stable/c/6a32cbe95029ebe21cc08349fd7ef2a3d32d2043

https://git.kernel.org/stable/c/ddf7233fcab6c247379d0928d46cc316ee122229

https://nvd.nist.gov/vuln/detail/CVE-2025-39780

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-39780

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-39780

EUVD