Linux Kernel BPF Scheduler CPU Validation Vulnerability

Vulnerability

A vulnerability in the Linux kernel's BPF scheduler can lead to a kernel crash if an invalid CPU number is provided to the function scx_bpf_select_cpu_dfl(). This issue arises when the CPU number is outside the valid range of available CPUs. The vulnerability has been addressed by adding validation to ensure that the specified CPU number is valid, and by triggering an error if an invalid CPU is detected.

Impact

The vulnerability can cause a kernel crash, leading to a denial of service by interrupting normal system operations and causing a system reboot.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.0

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.0

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel BPF Scheduler CPU Validation Vulnerability

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating