Description

In the Linux kernel, the following vulnerability has been resolved: sched_ext: bpf_iter_scx_dsq_new() should always initialize iterator BPF programs may call next() and destroy() on BPF iterators even after new() returns an error value (e.g. bpf_for_each() macro ignores error returns from new()). bpf_iter_scx_dsq_new() could leave the iterator in an uninitialized state after an error return causing bpf_iter_scx_dsq_next() to dereference garbage data. Make bpf_iter_scx_dsq_new() always clear $kit->dsq so that next() and destroy() become noops.

INFO

Published Date :

2025-06-18T09:28:22.057Z

Last Modified :

2025-06-18T09:28:22.057Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2025-38012 vulnerability.

Vendors Products
Linux
  • Linux Kernel
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-38012.

URL Resource
https://git.kernel.org/stable/c/0102989af4c334d1d98b2a0fd4d61a5152e39b72 cve-icon cve-icon
https://git.kernel.org/stable/c/255dd31bfc4a67a19b1fc2cd130a50284dadfe3a cve-icon cve-icon
https://git.kernel.org/stable/c/428dc9fc0873989d73918d4a9cc22745b7bbc799 cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2025061843-CVE-2025-38012-6d55@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-38012 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-38012 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact