How the mentioned CVE works:
The vulnerability exists within the Linux kernel’s scheduler extensions (sched/ext or SCX). The `SCX_CALL_OP` and `SCX_CALL_OP_RET` macros can call `update_locked_rq()` with a NULL runqueue (rq) pointer when an operation is invoked from an unlocked context. This leads to a NULL pointer dereference. Specifically, passing a NULL `rq` to `update_locked_rq()` causes it to incorrectly execute `__this_cpu_write()` in a preemptible context, which is unsafe and triggers a kernel warning, potentially leading to a system crash or instability.
Platform: Linux Kernel
Version: sched/ext
Vulnerability: NULL Pointer Dereference
Severity: Medium
date: 2025-08-16
Prediction: 2025-11-20
What Undercode Say:
`grep -r "update_locked_rq" kernel/sched/`
`cat /proc/sys/kernel/tainted`
`dmesg | grep "BUG: using __this_cpu_write"`
`perf record -e skb:kfree_skb -a`
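To triage a host for the warning that the `dmesg` command above searches for, this added example (not from the original page or the kernel project) parses kernel log text and reports which task and caller triggered each `__this_cpu_write()` splat. The function names and the sample log are constructed for illustration.

```shell
#!/bin/sh
# Added example. The log below is constructed, in the format the kernel's
# preemption debug check prints; task and symbol names are placeholders.
sample_log() {
cat <<'EOF'
[  101.200001] sched_ext: BPF scheduler "example_sched" enabled
[  101.734562] BUG: using __this_cpu_write() in preemptible [00000000] code: example_sched/4242
[  101.734570] caller is example_caller+0x1a/0x40
[  101.734575] CPU: 3 PID: 4242 Comm: example_sched Not tainted
[  230.000100] BUG: using smp_processor_id() in preemptible [00000000] code: other_task/77
[  230.000105] caller is unrelated_fn+0x8/0x20
EOF
}

# Read kernel log text on stdin; print one line per __this_cpu_write() splat
# with the offending task, its PID and the reported caller.
scan_percpu_write_bug() {
    awk '
    function emit(c) {
        printf "task=%s pid=%s caller=%s\n", comm, pid, c
        pending = 0
    }
    /BUG: using __this_cpu_write\(\) in preemptible/ {
        if (pending) emit("unknown")      # previous splat had no caller line
        task = $0; sub(/.*code: /, "", task)   # "comm/pid"; comm may hold "/"
        pid = task; sub(/.*\//, "", pid)
        comm = substr(task, 1, length(task) - length(pid) - 1)
        pending = 1
        next
    }
    pending && /caller is / {
        sym = $0; sub(/.*caller is /, "", sym)
        emit(sym)
        next
    }
    pending { emit("unknown") }
    END { if (pending) emit("unknown") }
    '
}

# Demo on the constructed log; on a live host use: dmesg | scan_percpu_write_bug
sample_log | scan_percpu_write_bug
```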
How Exploit:
Kernel Crash / DoS
Protection from this CVE
Update Kernel Version
Impact:
Denial-of-Service
Sources:
Reported By: nvd.nist.gov

