FKIE_CVE-2025-68780
Vulnerability from fkie_nvd - Published: 2026-01-13 16:15 - Updated: 2026-04-15 00:35
Summary
In the Linux kernel, the following vulnerability has been resolved:

sched/deadline: only set free_cpus for online runqueues

Commit 16b269436b72 ("sched/deadline: Modify cpudl::free_cpus
to reflect rd->online") introduced the cpudl_set/clear_freecpu
functions to allow the cpu_dl::free_cpus mask to be manipulated
by the deadline scheduler class rq_on/offline callbacks so the
mask would also reflect this state.

Commit 9659e1eeee28 ("sched/deadline: Remove cpu_active_mask
from cpudl_find()") removed the check of the cpu_active_mask to
save some processing on the premise that the cpudl::free_cpus
mask already reflected the runqueue online state.

Unfortunately, there are cases where it is possible for the
cpudl_clear function to set the free_cpus bit for a CPU when the
deadline runqueue is offline. When this occurs while a CPU is
connected to the default root domain the flag may retain the bad
state after the CPU has been unplugged. Later, a different CPU
that is transitioning through the default root domain may push a
deadline task to the powered down CPU when cpudl_find sees its
free_cpus bit is set. If this happens the task will not have the
opportunity to run.

One example is outlined here:
https://lore.kernel.org/lkml/20250110233010.2339521-1-opendmb@gmail.com

Another occurs when the last deadline task is migrated from a
CPU that has an offlined runqueue. The dequeue_task member of
the deadline scheduler class will eventually call cpudl_clear
and set the free_cpus bit for the CPU.

This commit modifies the cpudl_clear function to be aware of the
online state of the deadline runqueue so that the free_cpus mask
can be updated appropriately.

It is no longer necessary to manage the mask outside of the
cpudl_set/clear functions so the cpudl_set/clear_freecpu
functions are removed. In addition, since the free_cpus mask is
now only updated under the cpudl lock the code was changed to
use the non-atomic __cpumask functions.
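
The stale-bit scenario in the summary can be traced with a small user-space model. This is an added example, not kernel code and not taken from the fix commits: every `model_*` name is hypothetical, the mask is reduced to a 32-bit integer, and passing the runqueue's online state as a parameter is an assumption about the shape of the change.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified model, not kernel code. All model_* names are hypothetical. */
struct model_cpudl { uint32_t free_cpus; /* one bit per CPU, set = free */ };

/* Pre-fix behaviour from the summary: clear marks the CPU free regardless. */
static void model_clear_unpatched(struct model_cpudl *cp, int cpu)
{
    cp->free_cpus |= 1u << cpu;
}

/* Post-fix behaviour (assumed shape): an offline CPU is never marked free. */
static void model_clear_patched(struct model_cpudl *cp, int cpu, bool rq_online)
{
    if (rq_online)
        cp->free_cpus |= 1u << cpu;
    else
        cp->free_cpus &= ~(1u << cpu);
}

/* Lookup that trusts free_cpus alone; lowest candidate CPU, or -1 if none. */
static int model_find(const struct model_cpudl *cp, uint32_t allowed)
{
    uint32_t candidates = cp->free_cpus & allowed;
    for (int cpu = 0; cpu < 32; cpu++)
        if (candidates & (1u << cpu))
            return cpu;
    return -1;
}

/* Constructed scenario: CPU 1's runqueue is already offline when its last
 * deadline task is migrated away; CPU 0 then looks for a push target. */
static int model_push_target(bool patched)
{
    struct model_cpudl cp = { .free_cpus = 0 };
    if (patched)
        model_clear_patched(&cp, 1, false);
    else
        model_clear_unpatched(&cp, 1);
    return model_find(&cp, ~1u); /* every CPU except the pusher, CPU 0 */
}

int main(void)
{
    printf("unpatched target: %d, patched target: %d\n",
           model_push_target(false), model_push_target(true));
    return 0;
}
```

In the unpatched path the lookup returns the offline CPU 1, which is the condition under which the pushed task never runs; in the patched path no target is found.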
{
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsched/deadline: only set free_cpus for online runqueues\n\nCommit 16b269436b72 (\"sched/deadline: Modify cpudl::free_cpus\nto reflect rd-\u003eonline\") introduced the cpudl_set/clear_freecpu\nfunctions to allow the cpu_dl::free_cpus mask to be manipulated\nby the deadline scheduler class rq_on/offline callbacks so the\nmask would also reflect this state.\n\nCommit 9659e1eeee28 (\"sched/deadline: Remove cpu_active_mask\nfrom cpudl_find()\") removed the check of the cpu_active_mask to\nsave some processing on the premise that the cpudl::free_cpus\nmask already reflected the runqueue online state.\n\nUnfortunately, there are cases where it is possible for the\ncpudl_clear function to set the free_cpus bit for a CPU when the\ndeadline runqueue is offline. When this occurs while a CPU is\nconnected to the default root domain the flag may retain the bad\nstate after the CPU has been unplugged. Later, a different CPU\nthat is transitioning through the default root domain may push a\ndeadline task to the powered down CPU when cpudl_find sees its\nfree_cpus bit is set. If this happens the task will not have the\nopportunity to run.\n\nOne example is outlined here:\nhttps://lore.kernel.org/lkml/20250110233010.2339521-1-opendmb@gmail.com\n\nAnother occurs when the last deadline task is migrated from a\nCPU that has an offlined runqueue. The dequeue_task member of\nthe deadline scheduler class will eventually call cpudl_clear\nand set the free_cpus bit for the CPU.\n\nThis commit modifies the cpudl_clear function to be aware of the\nonline state of the deadline runqueue so that the free_cpus mask\ncan be updated appropriately.\n\nIt is no longer necessary to manage the mask outside of the\ncpudl_set/clear functions so the cpudl_set/clear_freecpu\nfunctions are removed. In addition, since the free_cpus mask is\nnow only updated under the cpudl lock the code was changed to\nuse the non-atomic __cpumask functions."
},
{
"lang": "es",
"value": "En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\nsched/deadline: solo establecer free_cpus para runqueues en l\u00ednea\n\nEl commit 16b269436b72 (\u0027sched/deadline: Modificar cpudl::free_cpus para reflejar rd-\u0026gt;online\u0027) introdujo las funciones cpudl_set/clear_freecpu para permitir que la m\u00e1scara cpu_dl::free_cpus fuera manipulada por las devoluciones de llamada rq_on/offline de la clase de planificador de plazo para que la m\u00e1scara tambi\u00e9n reflejara este estado.\n\nEl commit 9659e1eeee28 (\u0027sched/deadline: Eliminar cpu_active_mask de cpudl_find()\u0027) elimin\u00f3 la comprobaci\u00f3n de la cpu_active_mask para ahorrar algo de procesamiento bajo la premisa de que la m\u00e1scara cpudl::free_cpus ya reflejaba el estado en l\u00ednea del runqueue.\n\nDesafortunadamente, hay casos en los que es posible que la funci\u00f3n cpudl_clear establezca el bit free_cpus para una CPU cuando el runqueue de plazo est\u00e1 fuera de l\u00ednea. Cuando esto ocurre mientras una CPU est\u00e1 conectada al dominio ra\u00edz predeterminado, el indicador puede retener el estado incorrecto despu\u00e9s de que la CPU haya sido desconectada. M\u00e1s tarde, una CPU diferente que est\u00e1 en transici\u00f3n a trav\u00e9s del dominio ra\u00edz predeterminado puede empujar una tarea de plazo a la CPU apagada cuando cpudl_find ve que su bit free_cpus est\u00e1 establecido. Si esto sucede, la tarea no tendr\u00e1 la oportunidad de ejecutarse.\n\nUn ejemplo se describe aqu\u00ed:\nhttps://lore.kernel.org/lkml/20250110233010.2339521-1-opendmb@gmail.com\n\nOtro ocurre cuando la \u00faltima tarea de plazo es migrada de una CPU que tiene un runqueue fuera de l\u00ednea. El miembro dequeue_task de la clase de planificador de plazo eventualmente llamar\u00e1 a cpudl_clear y establecer\u00e1 el bit free_cpus para la CPU.\n\nEste commit modifica la funci\u00f3n cpudl_clear para que sea consciente del estado en l\u00ednea del runqueue de plazo para que la m\u00e1scara free_cpus pueda ser actualizada apropiadamente.\n\nYa no es necesario gestionar la m\u00e1scara fuera de las funciones cpudl_set/clear, por lo que las funciones cpudl_set/clear_freecpu son eliminadas. Adem\u00e1s, dado que la m\u00e1scara free_cpus ahora solo se actualiza bajo el bloqueo cpudl, el c\u00f3digo fue cambiado para usar las funciones no at\u00f3micas __cpumask."
}
],
"id": "CVE-2025-68780",
"lastModified": "2026-04-15T00:35:42.020",
"metrics": {},
"published": "2026-01-13T16:15:57.657",
"references": [
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"url": "https://git.kernel.org/stable/c/382748c05e58a9f1935f5a653c352422375566ea"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"url": "https://git.kernel.org/stable/c/3ed049fbfb4d75b4e0b8ab54c934f485129d5dc8"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"url": "https://git.kernel.org/stable/c/9019e399684e3cc68c4a3f050e268f74d69c1317"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"url": "https://git.kernel.org/stable/c/91e448e69aca4bb0ba2e998eb3e555644db7322b"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"url": "https://git.kernel.org/stable/c/dbc61834b0412435df21c71410562d933e4eba49"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"url": "https://git.kernel.org/stable/c/fb36846cbcc936954f2ad2bffdff13d16c0be08a"
}
],
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"vulnStatus": "Deferred"
}