Linux Kernel Core Scheduling Topology Initialization Vulnerability

Vulnerability

A vulnerability in the Linux kernel's arm64 architecture has been addressed, concerning the initialization of CPU topology for core scheduling. The issue arose because the function responsible for updating CPU topology was called after notifying the scheduler about the available CPUs. This improper sequence led to a mismatch between the core scheduling data structures and the actual CPU topology. As a result, a warning was generated, followed by a crash, when the stress-ng tool was used to test core scheduling support.

Impact

Exploitation of this vulnerability could lead to a kernel crash, caused by a null pointer dereference. This issue was observed when using the stress-ng tool with core scheduling enabled, which triggered a warning about a mismatch in core scheduling data that could not be resolved, ultimately causing a system crash.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.0

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.0

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel Core Scheduling Topology Initialization Vulnerability

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating