Medium severity5.5NVD Advisory· Published Jun 18, 2025· Updated Jun 17, 2026
CVE-2025-38012
CVE-2025-38012
Description
In the Linux kernel, the following vulnerability has been resolved:
sched_ext: bpf_iter_scx_dsq_new() should always initialize iterator
BPF programs may call next() and destroy() on BPF iterators even after new() returns an error value (e.g. bpf_for_each() macro ignores error returns from new()). bpf_iter_scx_dsq_new() could leave the iterator in an uninitialized state after an error return causing bpf_iter_scx_dsq_next() to dereference garbage data. Make bpf_iter_scx_dsq_new() always clear $kit->dsq so that next() and destroy() become noops.
Affected products
3Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.