Linux Kernel Memory Corruption Vulnerability in CFS Scheduler

Vulnerability

A vulnerability in the Linux kernel's Completely Fair Scheduler (CFS) has been addressed, which could lead to memory corruption. The issue arose because the 'prev' pointer, when converted to a CFS runqueue (cfs_rq), could reference invalid data, potentially causing a memory fault or allowing access to garbage data. This vulnerability was linked to the management of leaf CFS runqueues, where improper pointer handling could disrupt memory integrity. The flaw was particularly concerning because it could result in unpredictable behavior under certain conditions, even if it did not immediately cause a crash.

Impact

Exploitation of this vulnerability could lead to memory corruption, causing either a memory fault or access to invalid data, with the potential for unpredictable system behavior.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.0

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.0

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel Memory Corruption Vulnerability in CFS Scheduler

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating