Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*, +4 more
A race condition vulnerability has been identified in the Linux kernel's real-time scheduler. When a CPU attempts to push a task to another CPU's runqueue, it calls the 'find_lock_lowest_rq' function, which can take a double lock on both CPUs' runqueues. If one lock is unavailable, the CPU may drop the current runqueue lock and then reacquire both locks at once. During this brief window, the task could be migrated to another CPU, potentially leading to inconsistencies. This vulnerability has caused various crashes, including kernel panics, null pointer dereferences, and queue corruption errors, all originating from the scheduler.
Exploitation of this vulnerability causes kernel panics. The crash signatures vary and include assertion failures, page faults, null pointer dereferences, and queue corruption errors, all emanating from the scheduler.
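The lock-drop window described above, modelled as a single-threaded userspace program in C. This is an added example, not kernel code and not the upstream fix: `struct rq`, `struct task`, `push_task`, `scenario` and the `revalidate` flag are hypothetical names, and the re-check after reacquiring the locks is the generic mitigation for this class of race.

```c
/* Userspace model with constructed data, not kernel code. All names are
 * hypothetical simplifications of the runqueue push path. */
#include <stdbool.h>
#include <stddef.h>

struct rq   { int cpu; bool locked; };
struct task { int cpu; bool queued; };   /* cpu = runqueue the task sits on */
typedef void (*window_fn)(struct task *); /* another CPU acting in the window */

static void migrate_away(struct task *t) { t->cpu = 2; t->queued = false; }

/* Double lock: if `other` is contended, drop `self`, then take both.
 * Returns true when the lock on `self` was dropped in between. */
static bool double_lock(struct rq *self, struct rq *other, bool contended,
                        struct task *t, window_fn window)
{
    if (!contended) { other->locked = true; return false; }
    self->locked = false;                /* window opens */
    if (window) window(t);               /* task may be migrated here */
    other->locked = self->locked = true; /* both locks reacquired */
    return true;
}

/* Push t from `self` to `lowest`. Returns 0 on a clean push, -1 if the push
 * was abandoned, 1 if it acted on a task that had already left `self`. */
static int push_task(struct rq *self, struct rq *lowest, struct task *t,
                     bool contended, window_fn window, bool revalidate)
{
    int ret = -1;
    self->locked = true;
    bool dropped = double_lock(self, lowest, contended, t, window);
    bool stale = (t->cpu != self->cpu || !t->queued);
    if (!(dropped && revalidate && stale)) {
        ret = stale ? 1 : 0;
        t->cpu = lowest->cpu;            /* requeue on the target runqueue */
        t->queued = true;
    }
    lowest->locked = self->locked = false;
    return ret;
}

/* One constructed scenario: CPU 0 pushes its task to CPU 1. */
int scenario(bool contended, bool migrates, bool revalidate)
{
    struct rq rq0 = { 0, false }, rq1 = { 1, false };
    struct task t = { 0, true };
    return push_task(&rq0, &rq1, &t, contended,
                     migrates ? migrate_away : NULL, revalidate);
}
```

A return value of 1 marks the inconsistent state: the push proceeded on a task that was no longer on the pushing CPU's runqueue.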