CVE-2025-38234 (GCVE-0-2025-38234)

Vulnerability from cvelistv5 – Published: 2025-07-04 13:37 – Updated: 2026-05-11 21:23
VLAI
Title
sched/rt: Fix race in push_rt_task
Summary
In the Linux kernel, the following vulnerability has been resolved: sched/rt: Fix race in push_rt_task Overview ======== When a CPU chooses to call push_rt_task and picks a task to push to another CPU's runqueue then it will call find_lock_lowest_rq method which would take a double lock on both CPUs' runqueues. If one of the locks aren't readily available, it may lead to dropping the current runqueue lock and reacquiring both the locks at once. During this window it is possible that the task is already migrated and is running on some other CPU. These cases are already handled. However, if the task is migrated and has already been executed and another CPU is now trying to wake it up (ttwu) such that it is queued again on the runqeue (on_rq is 1) and also if the task was run by the same CPU, then the current checks will pass even though the task was migrated out and is no longer in the pushable tasks list. Crashes ======= This bug resulted in quite a few flavors of crashes triggering kernel panics with various crash signatures such as assert failures, page faults, null pointer dereferences, and queue corruption errors all coming from scheduler itself. Some of the crashes: -> kernel BUG at kernel/sched/rt.c:1616! BUG_ON(idx >= MAX_RT_PRIO) Call Trace: ? __die_body+0x1a/0x60 ? die+0x2a/0x50 ? do_trap+0x85/0x100 ? pick_next_task_rt+0x6e/0x1d0 ? do_error_trap+0x64/0xa0 ? pick_next_task_rt+0x6e/0x1d0 ? exc_invalid_op+0x4c/0x60 ? pick_next_task_rt+0x6e/0x1d0 ? asm_exc_invalid_op+0x12/0x20 ? pick_next_task_rt+0x6e/0x1d0 __schedule+0x5cb/0x790 ? update_ts_time_stats+0x55/0x70 schedule_idle+0x1e/0x40 do_idle+0x15e/0x200 cpu_startup_entry+0x19/0x20 start_secondary+0x117/0x160 secondary_startup_64_no_verify+0xb0/0xbb -> BUG: kernel NULL pointer dereference, address: 00000000000000c0 Call Trace: ? __die_body+0x1a/0x60 ? no_context+0x183/0x350 ? __warn+0x8a/0xe0 ? exc_page_fault+0x3d6/0x520 ? asm_exc_page_fault+0x1e/0x30 ? pick_next_task_rt+0xb5/0x1d0 ? pick_next_task_rt+0x8c/0x1d0 __schedule+0x583/0x7e0 ? update_ts_time_stats+0x55/0x70 schedule_idle+0x1e/0x40 do_idle+0x15e/0x200 cpu_startup_entry+0x19/0x20 start_secondary+0x117/0x160 secondary_startup_64_no_verify+0xb0/0xbb -> BUG: unable to handle page fault for address: ffff9464daea5900 kernel BUG at kernel/sched/rt.c:1861! BUG_ON(rq->cpu != task_cpu(p)) -> kernel BUG at kernel/sched/rt.c:1055! BUG_ON(!rq->nr_running) Call Trace: ? __die_body+0x1a/0x60 ? die+0x2a/0x50 ? do_trap+0x85/0x100 ? dequeue_top_rt_rq+0xa2/0xb0 ? do_error_trap+0x64/0xa0 ? dequeue_top_rt_rq+0xa2/0xb0 ? exc_invalid_op+0x4c/0x60 ? dequeue_top_rt_rq+0xa2/0xb0 ? asm_exc_invalid_op+0x12/0x20 ? dequeue_top_rt_rq+0xa2/0xb0 dequeue_rt_entity+0x1f/0x70 dequeue_task_rt+0x2d/0x70 __schedule+0x1a8/0x7e0 ? blk_finish_plug+0x25/0x40 schedule+0x3c/0xb0 futex_wait_queue_me+0xb6/0x120 futex_wait+0xd9/0x240 do_futex+0x344/0xa90 ? get_mm_exe_file+0x30/0x60 ? audit_exe_compare+0x58/0x70 ? audit_filter_rules.constprop.26+0x65e/0x1220 __x64_sys_futex+0x148/0x1f0 do_syscall_64+0x30/0x80 entry_SYSCALL_64_after_hwframe+0x62/0xc7 -> BUG: unable to handle page fault for address: ffff8cf3608bc2c0 Call Trace: ? __die_body+0x1a/0x60 ? no_context+0x183/0x350 ? spurious_kernel_fault+0x171/0x1c0 ? exc_page_fault+0x3b6/0x520 ? plist_check_list+0x15/0x40 ? plist_check_list+0x2e/0x40 ? asm_exc_page_fault+0x1e/0x30 ? _cond_resched+0x15/0x30 ? futex_wait_queue_me+0xc8/0x120 ? futex_wait+0xd9/0x240 ? try_to_wake_up+0x1b8/0x490 ? futex_wake+0x78/0x160 ? do_futex+0xcd/0xa90 ? plist_check_list+0x15/0x40 ? plist_check_list+0x2e/0x40 ? plist_del+0x6a/0xd0 ? plist_check_list+0x15/0x40 ? plist_check_list+0x2e/0x40 ? dequeue_pushable_task+0x20/0x70 ? __schedule+0x382/0x7e0 ? asm_sysvec_reschedule_i ---truncated---
Severity
4.7 (Medium)
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Assigner
References
Impacted products
Vendor Product Version
Linux Linux Affected: e8fa136262e1121288bb93befe2295928ffd240d , < 9f6022b2573ae068793810db719e131df3ded405 (git)
Affected: e8fa136262e1121288bb93befe2295928ffd240d , < debfbc047196df1f6bfd52f2d028c21dce67f0de (git)
Affected: e8fa136262e1121288bb93befe2295928ffd240d , < 07ecabfbca64f4f0b6071cf96e49d162fa9d138d (git)
Affected: e8fa136262e1121288bb93befe2295928ffd240d , < 690e47d1403e90b7f2366f03b52ed3304194c793 (git)
Create a notification for this product.
Linux Linux Affected: 2.6.25
Unaffected: 0 , < 2.6.25 (semver)
Unaffected: 6.6.124 , ≤ 6.6.* (semver)
Unaffected: 6.12.64 , ≤ 6.12.* (semver)
Unaffected: 6.15.4 , ≤ 6.15.* (semver)
Unaffected: 6.16 , ≤ * (original_commit_for_fix)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "kernel/sched/rt.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "9f6022b2573ae068793810db719e131df3ded405",
              "status": "affected",
              "version": "e8fa136262e1121288bb93befe2295928ffd240d",
              "versionType": "git"
            },
            {
              "lessThan": "debfbc047196df1f6bfd52f2d028c21dce67f0de",
              "status": "affected",
              "version": "e8fa136262e1121288bb93befe2295928ffd240d",
              "versionType": "git"
            },
            {
              "lessThan": "07ecabfbca64f4f0b6071cf96e49d162fa9d138d",
              "status": "affected",
              "version": "e8fa136262e1121288bb93befe2295928ffd240d",
              "versionType": "git"
            },
            {
              "lessThan": "690e47d1403e90b7f2366f03b52ed3304194c793",
              "status": "affected",
              "version": "e8fa136262e1121288bb93befe2295928ffd240d",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "kernel/sched/rt.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.25"
            },
            {
              "lessThan": "2.6.25",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.124",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.64",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.15.*",
              "status": "unaffected",
              "version": "6.15.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.16",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.124",
                  "versionStartIncluding": "2.6.25",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.64",
                  "versionStartIncluding": "2.6.25",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.15.4",
                  "versionStartIncluding": "2.6.25",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.16",
                  "versionStartIncluding": "2.6.25",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsched/rt: Fix race in push_rt_task\n\nOverview\n========\nWhen a CPU chooses to call push_rt_task and picks a task to push to\nanother CPU\u0027s runqueue then it will call find_lock_lowest_rq method\nwhich would take a double lock on both CPUs\u0027 runqueues. If one of the\nlocks aren\u0027t readily available, it may lead to dropping the current\nrunqueue lock and reacquiring both the locks at once. During this window\nit is possible that the task is already migrated and is running on some\nother CPU. These cases are already handled. However, if the task is\nmigrated and has already been executed and another CPU is now trying to\nwake it up (ttwu) such that it is queued again on the runqeue\n(on_rq is 1) and also if the task was run by the same CPU, then the\ncurrent checks will pass even though the task was migrated out and is no\nlonger in the pushable tasks list.\n\nCrashes\n=======\nThis bug resulted in quite a few flavors of crashes triggering kernel\npanics with various crash signatures such as assert failures, page\nfaults, null pointer dereferences, and queue corruption errors all\ncoming from scheduler itself.\n\nSome of the crashes:\n-\u003e kernel BUG at kernel/sched/rt.c:1616! BUG_ON(idx \u003e= MAX_RT_PRIO)\n   Call Trace:\n   ? __die_body+0x1a/0x60\n   ? die+0x2a/0x50\n   ? do_trap+0x85/0x100\n   ? pick_next_task_rt+0x6e/0x1d0\n   ? do_error_trap+0x64/0xa0\n   ? pick_next_task_rt+0x6e/0x1d0\n   ? exc_invalid_op+0x4c/0x60\n   ? pick_next_task_rt+0x6e/0x1d0\n   ? asm_exc_invalid_op+0x12/0x20\n   ? pick_next_task_rt+0x6e/0x1d0\n   __schedule+0x5cb/0x790\n   ? update_ts_time_stats+0x55/0x70\n   schedule_idle+0x1e/0x40\n   do_idle+0x15e/0x200\n   cpu_startup_entry+0x19/0x20\n   start_secondary+0x117/0x160\n   secondary_startup_64_no_verify+0xb0/0xbb\n\n-\u003e BUG: kernel NULL pointer dereference, address: 00000000000000c0\n   Call Trace:\n   ? __die_body+0x1a/0x60\n   ? no_context+0x183/0x350\n   ? __warn+0x8a/0xe0\n   ? exc_page_fault+0x3d6/0x520\n   ? asm_exc_page_fault+0x1e/0x30\n   ? pick_next_task_rt+0xb5/0x1d0\n   ? pick_next_task_rt+0x8c/0x1d0\n   __schedule+0x583/0x7e0\n   ? update_ts_time_stats+0x55/0x70\n   schedule_idle+0x1e/0x40\n   do_idle+0x15e/0x200\n   cpu_startup_entry+0x19/0x20\n   start_secondary+0x117/0x160\n   secondary_startup_64_no_verify+0xb0/0xbb\n\n-\u003e BUG: unable to handle page fault for address: ffff9464daea5900\n   kernel BUG at kernel/sched/rt.c:1861! BUG_ON(rq-\u003ecpu != task_cpu(p))\n\n-\u003e kernel BUG at kernel/sched/rt.c:1055! BUG_ON(!rq-\u003enr_running)\n   Call Trace:\n   ? __die_body+0x1a/0x60\n   ? die+0x2a/0x50\n   ? do_trap+0x85/0x100\n   ? dequeue_top_rt_rq+0xa2/0xb0\n   ? do_error_trap+0x64/0xa0\n   ? dequeue_top_rt_rq+0xa2/0xb0\n   ? exc_invalid_op+0x4c/0x60\n   ? dequeue_top_rt_rq+0xa2/0xb0\n   ? asm_exc_invalid_op+0x12/0x20\n   ? dequeue_top_rt_rq+0xa2/0xb0\n   dequeue_rt_entity+0x1f/0x70\n   dequeue_task_rt+0x2d/0x70\n   __schedule+0x1a8/0x7e0\n   ? blk_finish_plug+0x25/0x40\n   schedule+0x3c/0xb0\n   futex_wait_queue_me+0xb6/0x120\n   futex_wait+0xd9/0x240\n   do_futex+0x344/0xa90\n   ? get_mm_exe_file+0x30/0x60\n   ? audit_exe_compare+0x58/0x70\n   ? audit_filter_rules.constprop.26+0x65e/0x1220\n   __x64_sys_futex+0x148/0x1f0\n   do_syscall_64+0x30/0x80\n   entry_SYSCALL_64_after_hwframe+0x62/0xc7\n\n-\u003e BUG: unable to handle page fault for address: ffff8cf3608bc2c0\n   Call Trace:\n   ? __die_body+0x1a/0x60\n   ? no_context+0x183/0x350\n   ? spurious_kernel_fault+0x171/0x1c0\n   ? exc_page_fault+0x3b6/0x520\n   ? plist_check_list+0x15/0x40\n   ? plist_check_list+0x2e/0x40\n   ? asm_exc_page_fault+0x1e/0x30\n   ? _cond_resched+0x15/0x30\n   ? futex_wait_queue_me+0xc8/0x120\n   ? futex_wait+0xd9/0x240\n   ? try_to_wake_up+0x1b8/0x490\n   ? futex_wake+0x78/0x160\n   ? do_futex+0xcd/0xa90\n   ? plist_check_list+0x15/0x40\n   ? plist_check_list+0x2e/0x40\n   ? plist_del+0x6a/0xd0\n   ? plist_check_list+0x15/0x40\n   ? plist_check_list+0x2e/0x40\n   ? dequeue_pushable_task+0x20/0x70\n   ? __schedule+0x382/0x7e0\n   ? asm_sysvec_reschedule_i\n---truncated---"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T21:23:49.953Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/9f6022b2573ae068793810db719e131df3ded405"
        },
        {
          "url": "https://git.kernel.org/stable/c/debfbc047196df1f6bfd52f2d028c21dce67f0de"
        },
        {
          "url": "https://git.kernel.org/stable/c/07ecabfbca64f4f0b6071cf96e49d162fa9d138d"
        },
        {
          "url": "https://git.kernel.org/stable/c/690e47d1403e90b7f2366f03b52ed3304194c793"
        }
      ],
      "title": "sched/rt: Fix race in push_rt_task",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-38234",
    "datePublished": "2025-07-04T13:37:46.960Z",
    "dateReserved": "2025-04-16T04:51:23.996Z",
    "dateUpdated": "2026-05-11T21:23:49.953Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2025-38234",
      "date": "2026-06-07",
      "epss": "0.00019",
      "percentile": "0.05526"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-38234\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-07-04T14:15:33.087\",\"lastModified\":\"2026-03-17T13:30:18.600\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nsched/rt: Fix race in push_rt_task\\n\\nOverview\\n========\\nWhen a CPU chooses to call push_rt_task and picks a task to push to\\nanother CPU\u0027s runqueue then it will call find_lock_lowest_rq method\\nwhich would take a double lock on both CPUs\u0027 runqueues. If one of the\\nlocks aren\u0027t readily available, it may lead to dropping the current\\nrunqueue lock and reacquiring both the locks at once. During this window\\nit is possible that the task is already migrated and is running on some\\nother CPU. These cases are already handled. However, if the task is\\nmigrated and has already been executed and another CPU is now trying to\\nwake it up (ttwu) such that it is queued again on the runqeue\\n(on_rq is 1) and also if the task was run by the same CPU, then the\\ncurrent checks will pass even though the task was migrated out and is no\\nlonger in the pushable tasks list.\\n\\nCrashes\\n=======\\nThis bug resulted in quite a few flavors of crashes triggering kernel\\npanics with various crash signatures such as assert failures, page\\nfaults, null pointer dereferences, and queue corruption errors all\\ncoming from scheduler itself.\\n\\nSome of the crashes:\\n-\u003e kernel BUG at kernel/sched/rt.c:1616! BUG_ON(idx \u003e= MAX_RT_PRIO)\\n   Call Trace:\\n   ? __die_body+0x1a/0x60\\n   ? die+0x2a/0x50\\n   ? do_trap+0x85/0x100\\n   ? pick_next_task_rt+0x6e/0x1d0\\n   ? do_error_trap+0x64/0xa0\\n   ? pick_next_task_rt+0x6e/0x1d0\\n   ? exc_invalid_op+0x4c/0x60\\n   ? pick_next_task_rt+0x6e/0x1d0\\n   ? asm_exc_invalid_op+0x12/0x20\\n   ? pick_next_task_rt+0x6e/0x1d0\\n   __schedule+0x5cb/0x790\\n   ? update_ts_time_stats+0x55/0x70\\n   schedule_idle+0x1e/0x40\\n   do_idle+0x15e/0x200\\n   cpu_startup_entry+0x19/0x20\\n   start_secondary+0x117/0x160\\n   secondary_startup_64_no_verify+0xb0/0xbb\\n\\n-\u003e BUG: kernel NULL pointer dereference, address: 00000000000000c0\\n   Call Trace:\\n   ? __die_body+0x1a/0x60\\n   ? no_context+0x183/0x350\\n   ? __warn+0x8a/0xe0\\n   ? exc_page_fault+0x3d6/0x520\\n   ? asm_exc_page_fault+0x1e/0x30\\n   ? pick_next_task_rt+0xb5/0x1d0\\n   ? pick_next_task_rt+0x8c/0x1d0\\n   __schedule+0x583/0x7e0\\n   ? update_ts_time_stats+0x55/0x70\\n   schedule_idle+0x1e/0x40\\n   do_idle+0x15e/0x200\\n   cpu_startup_entry+0x19/0x20\\n   start_secondary+0x117/0x160\\n   secondary_startup_64_no_verify+0xb0/0xbb\\n\\n-\u003e BUG: unable to handle page fault for address: ffff9464daea5900\\n   kernel BUG at kernel/sched/rt.c:1861! BUG_ON(rq-\u003ecpu != task_cpu(p))\\n\\n-\u003e kernel BUG at kernel/sched/rt.c:1055! BUG_ON(!rq-\u003enr_running)\\n   Call Trace:\\n   ? __die_body+0x1a/0x60\\n   ? die+0x2a/0x50\\n   ? do_trap+0x85/0x100\\n   ? dequeue_top_rt_rq+0xa2/0xb0\\n   ? do_error_trap+0x64/0xa0\\n   ? dequeue_top_rt_rq+0xa2/0xb0\\n   ? exc_invalid_op+0x4c/0x60\\n   ? dequeue_top_rt_rq+0xa2/0xb0\\n   ? asm_exc_invalid_op+0x12/0x20\\n   ? dequeue_top_rt_rq+0xa2/0xb0\\n   dequeue_rt_entity+0x1f/0x70\\n   dequeue_task_rt+0x2d/0x70\\n   __schedule+0x1a8/0x7e0\\n   ? blk_finish_plug+0x25/0x40\\n   schedule+0x3c/0xb0\\n   futex_wait_queue_me+0xb6/0x120\\n   futex_wait+0xd9/0x240\\n   do_futex+0x344/0xa90\\n   ? get_mm_exe_file+0x30/0x60\\n   ? audit_exe_compare+0x58/0x70\\n   ? audit_filter_rules.constprop.26+0x65e/0x1220\\n   __x64_sys_futex+0x148/0x1f0\\n   do_syscall_64+0x30/0x80\\n   entry_SYSCALL_64_after_hwframe+0x62/0xc7\\n\\n-\u003e BUG: unable to handle page fault for address: ffff8cf3608bc2c0\\n   Call Trace:\\n   ? __die_body+0x1a/0x60\\n   ? no_context+0x183/0x350\\n   ? spurious_kernel_fault+0x171/0x1c0\\n   ? exc_page_fault+0x3b6/0x520\\n   ? plist_check_list+0x15/0x40\\n   ? plist_check_list+0x2e/0x40\\n   ? asm_exc_page_fault+0x1e/0x30\\n   ? _cond_resched+0x15/0x30\\n   ? futex_wait_queue_me+0xc8/0x120\\n   ? futex_wait+0xd9/0x240\\n   ? try_to_wake_up+0x1b8/0x490\\n   ? futex_wake+0x78/0x160\\n   ? do_futex+0xcd/0xa90\\n   ? plist_check_list+0x15/0x40\\n   ? plist_check_list+0x2e/0x40\\n   ? plist_del+0x6a/0xd0\\n   ? plist_check_list+0x15/0x40\\n   ? plist_check_list+0x2e/0x40\\n   ? dequeue_pushable_task+0x20/0x70\\n   ? __schedule+0x382/0x7e0\\n   ? asm_sysvec_reschedule_i\\n---truncated---\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: sched/rt: Correcci\u00f3n de la ejecuci\u00f3n en push_rt_task. Descripci\u00f3n general ======== Cuando una CPU elige llamar a push_rt_task y selecciona una tarea para enviarla a la cola de ejecuci\u00f3n de otra CPU, llamar\u00e1 al m\u00e9todo find_lock_lowest_rq, que generar\u00eda un doble bloqueo en las colas de ejecuci\u00f3n de ambas CPU. Si uno de los bloqueos no est\u00e1 disponible, puede provocar que se elimine el bloqueo actual de la cola de ejecuci\u00f3n y se vuelvan a adquirir ambos bloqueos a la vez. Durante este periodo, es posible que la tarea ya se haya migrado y se est\u00e9 ejecutando en otra CPU. Estos casos ya se han gestionado. Sin embargo, si la tarea se migra y ya se ha ejecutado, y otra CPU est\u00e1 intentando despertarla (ttwu), de modo que se vuelve a poner en cola en la cola de ejecuci\u00f3n (on_rq es 1), y adem\u00e1s, si la tarea la ejecut\u00f3 la misma CPU, las comprobaciones actuales pasar\u00e1n aunque la tarea se haya migrado y ya no est\u00e9 en la lista de tareas que se pueden enviar. Fallos ======= Este error provoc\u00f3 bastantes tipos de fallos que desencadenaron p\u00e1nicos del kernel con varias firmas de fallo, como fallos de aserci\u00f3n, fallos de p\u00e1gina, desreferencias de puntero nulo y errores de corrupci\u00f3n de cola, todos procedentes del propio programador. Algunos de los fallos: -\u0026gt; kernel BUG at kernel/sched/rt.c:1616! BUG_ON(idx \u0026gt;= MAX_RT_PRIO) Call Trace: ? __die_body+0x1a/0x60 ? die+0x2a/0x50 ? do_trap+0x85/0x100 ? pick_next_task_rt+0x6e/0x1d0 ? do_error_trap+0x64/0xa0 ? pick_next_task_rt+0x6e/0x1d0 ? exc_invalid_op+0x4c/0x60 ? pick_next_task_rt+0x6e/0x1d0 ? asm_exc_invalid_op+0x12/0x20 ? pick_next_task_rt+0x6e/0x1d0 __schedule+0x5cb/0x790 ? update_ts_time_stats+0x55/0x70 schedule_idle+0x1e/0x40 do_idle+0x15e/0x200 cpu_startup_entry+0x19/0x20 start_secondary+0x117/0x160 secondary_startup_64_no_verify+0xb0/0xbb -\u0026gt; BUG: kernel NULL pointer dereference, address: 00000000000000c0 Call Trace: ? __die_body+0x1a/0x60 ? no_context+0x183/0x350 ? __warn+0x8a/0xe0 ? exc_page_fault+0x3d6/0x520 ? asm_exc_page_fault+0x1e/0x30 ? pick_next_task_rt+0xb5/0x1d0 ? pick_next_task_rt+0x8c/0x1d0 __schedule+0x583/0x7e0 ? update_ts_time_stats+0x55/0x70 schedule_idle+0x1e/0x40 do_idle+0x15e/0x200 cpu_startup_entry+0x19/0x20 start_secondary+0x117/0x160 secondary_startup_64_no_verify+0xb0/0xbb -\u0026gt; BUG: unable to handle page fault for address: ffff9464daea5900 kernel BUG at kernel/sched/rt.c:1861! BUG_ON(rq-\u0026gt;cpu != task_cpu(p)) -\u0026gt; kernel BUG at kernel/sched/rt.c:1055! BUG_ON(!rq-\u0026gt;nr_running) Call Trace: ? __die_body+0x1a/0x60 ? die+0x2a/0x50 ? do_trap+0x85/0x100 ? dequeue_top_rt_rq+0xa2/0xb0 ? do_error_trap+0x64/0xa0 ? dequeue_top_rt_rq+0xa2/0xb0 ? exc_invalid_op+0x4c/0x60 ? dequeue_top_rt_rq+0xa2/0xb0 ? asm_exc_invalid_op+0x12/0x20 ? dequeue_top_rt_rq+0xa2/0xb0 dequeue_rt_entity+0x1f/0x70 dequeue_task_rt+0x2d/0x70 __schedule+0x1a8/0x7e0 ? blk_finish_plug+0x25/0x40 schedule+0x3c/0xb0 futex_wait_queue_me+0xb6/0x120 futex_wait+0xd9/0x240 do_futex+0x344/0xa90 ? get_mm_exe_file+0x30/0x60 ? audit_exe_compare+0x58/0x70 ? audit_filter_rules.constprop.26+0x65e/0x1220 __x64_sys_futex+0x148/0x1f0 do_syscall_64+0x30/0x80 entry_SYSCALL_64_after_hwframe+0x62/0xc7 -\u0026gt; BUG: unable to handle page fault for address: ffff8cf3608bc2c0 Call Trace: ? __die_body+0x1a/0x60 ? no_context+0x183/0x350 ? spurious_kernel_fault+0x171/0x1c0 ? exc_page_fault+0x3b6/0x520 ? plist_check_list+0x15/0x40 ? plist_check_list+0x2e/0x40 ? asm_exc_page_fault+0x1e/0x30 ? _cond_resched+0x15/0x30 ? futex_wait_queue_me+0xc8/0x120 ? futex_wait+0xd9/0x240 ? try_to_wake_up+0x1b8/0x490 ? futex_wake+0x78/0x160 ? do_futex+0xcd/0xa90 ? plist_check_list+0x15/0x40 ? plist_check_list+0x2e/0x40 ? plist_del+0x6a/0xd0 ? plist_check_list+0x15/0x40 ? plist_check_list+0x2e/0x40 ? dequeue_pushable_task+0x20/0x70 ? __schedule+0x382/0x7e0 ? asm_sysvec_reschedule_i ---truncado---\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":4.7,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.0,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-362\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"6.15.4\",\"matchCriteriaId\":\"63D7A911-B0B9-42D5-8353-9B3B6D86F301\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/07ecabfbca64f4f0b6071cf96e49d162fa9d138d\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/690e47d1403e90b7f2366f03b52ed3304194c793\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/9f6022b2573ae068793810db719e131df3ded405\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/debfbc047196df1f6bfd52f2d028c21dce67f0de\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.





Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Detection rules are retrieved from Rulezet.