VYPR
Medium severity5.5NVD Advisory· Published Jun 18, 2025· Updated Jun 17, 2026

CVE-2025-38012

CVE-2025-38012

Description

In the Linux kernel, the following vulnerability has been resolved:

sched_ext: bpf_iter_scx_dsq_new() should always initialize iterator

BPF programs may call next() and destroy() on BPF iterators even after new() returns an error value (e.g. bpf_for_each() macro ignores error returns from new()). bpf_iter_scx_dsq_new() could leave the iterator in an uninitialized state after an error return causing bpf_iter_scx_dsq_next() to dereference garbage data. Make bpf_iter_scx_dsq_new() always clear $kit->dsq so that next() and destroy() become noops.

Affected products

3

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.