CVE-2025-40260

Description

In the Linux kernel, the following vulnerability has been resolved:sched_ext: Fix scx_enable() crash on helper kthread creation failureA crash was observed when the sched_ext selftests runner wasterminated with Ctrl+ while test 15 was running:NIP [c00000000028fa58] scx_enable.constprop.0+0x358/0x12b0LR [c00000000028fa2c] scx_enable.constprop.0+0x32c/0x12b0Call Trace:scx_enable.constprop.0+0x32c/0x12b0 (unreliable)bpf_struct_ops_link_create+0x18c/0x22c__sys_bpf+0x23f8/0x3044sys_bpf+0x2c/0x6csystem_call_exception+0x124/0x320system_call_vectored_common+0x15c/0x2eckthread_run_worker() returns an ERR_PTR() on failure rather than null,but the current code in scx_alloc_and_add_sched() only checks for a nullhelper. Incase of failure on SIGQUIT, the error is not handled inscx_alloc_and_add_sched() and scx_enable() ends up dereferencing anerror pointer.Error handling is fixed in scx_alloc_and_add_sched() to propagatePTR_ERR() into ret, so that scx_enable() jumps to the existing errorpath, avoiding random dereference on failure.

Risk Information

Base Score

5.5

MODERATE

Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS Score

Exploitation Probability

0.027

Associated Vulnerability

No records found

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234