{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-68780", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-12-24T10:30:51.036Z", "datePublished": "2026-01-13T15:28:55.483Z", "dateUpdated": "2026-05-11T21:53:12.601Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-11T21:53:12.601Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsched/deadline: only set free_cpus for online runqueues\n\nCommit 16b269436b72 (\"sched/deadline: Modify cpudl::free_cpus\nto reflect rd->online\") introduced the cpudl_set/clear_freecpu\nfunctions to allow the cpu_dl::free_cpus mask to be manipulated\nby the deadline scheduler class rq_on/offline callbacks so the\nmask would also reflect this state.\n\nCommit 9659e1eeee28 (\"sched/deadline: Remove cpu_active_mask\nfrom cpudl_find()\") removed the check of the cpu_active_mask to\nsave some processing on the premise that the cpudl::free_cpus\nmask already reflected the runqueue online state.\n\nUnfortunately, there are cases where it is possible for the\ncpudl_clear function to set the free_cpus bit for a CPU when the\ndeadline runqueue is offline. When this occurs while a CPU is\nconnected to the default root domain the flag may retain the bad\nstate after the CPU has been unplugged. Later, a different CPU\nthat is transitioning through the default root domain may push a\ndeadline task to the powered down CPU when cpudl_find sees its\nfree_cpus bit is set. If this happens the task will not have the\nopportunity to run.\n\nOne example is outlined here:\nhttps://lore.kernel.org/lkml/20250110233010.2339521-1-opendmb@gmail.com\n\nAnother occurs when the last deadline task is migrated from a\nCPU that has an offlined runqueue. The dequeue_task member of\nthe deadline scheduler class will eventually call cpudl_clear\nand set the free_cpus bit for the CPU.\n\nThis commit modifies the cpudl_clear function to be aware of the\nonline state of the deadline runqueue so that the free_cpus mask\ncan be updated appropriately.\n\nIt is no longer necessary to manage the mask outside of the\ncpudl_set/clear functions so the cpudl_set/clear_freecpu\nfunctions are removed. In addition, since the free_cpus mask is\nnow only updated under the cpudl lock the code was changed to\nuse the non-atomic __cpumask functions."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["kernel/sched/cpudeadline.c", "kernel/sched/cpudeadline.h", "kernel/sched/deadline.c"], "versions": [{"version": "9659e1eeee28f7025b6545934d644d19e9c6e603", "lessThan": "9019e399684e3cc68c4a3f050e268f74d69c1317", "status": "affected", "versionType": "git"}, {"version": "9659e1eeee28f7025b6545934d644d19e9c6e603", "lessThan": "fb36846cbcc936954f2ad2bffdff13d16c0be08a", "status": "affected", "versionType": "git"}, {"version": "9659e1eeee28f7025b6545934d644d19e9c6e603", "lessThan": "91e448e69aca4bb0ba2e998eb3e555644db7322b", "status": "affected", "versionType": "git"}, {"version": "9659e1eeee28f7025b6545934d644d19e9c6e603", "lessThan": "dbc61834b0412435df21c71410562d933e4eba49", "status": "affected", "versionType": "git"}, {"version": "9659e1eeee28f7025b6545934d644d19e9c6e603", "lessThan": "3ed049fbfb4d75b4e0b8ab54c934f485129d5dc8", "status": "affected", "versionType": "git"}, {"version": "9659e1eeee28f7025b6545934d644d19e9c6e603", "lessThan": "382748c05e58a9f1935f5a653c352422375566ea", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["kernel/sched/cpudeadline.c", "kernel/sched/cpudeadline.h", "kernel/sched/deadline.c"], "versions": [{"version": "4.0", "status": "affected"}, {"version": "0", "lessThan": "4.0", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.198", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.160", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.120", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.64", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.3", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.0", "versionEndExcluding": "5.15.198"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.0", "versionEndExcluding": "6.1.160"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.0", "versionEndExcluding": "6.6.120"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.0", "versionEndExcluding": "6.12.64"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.0", "versionEndExcluding": "6.18.3"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.0", "versionEndExcluding": "6.19"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/9019e399684e3cc68c4a3f050e268f74d69c1317"}, {"url": "https://git.kernel.org/stable/c/fb36846cbcc936954f2ad2bffdff13d16c0be08a"}, {"url": "https://git.kernel.org/stable/c/91e448e69aca4bb0ba2e998eb3e555644db7322b"}, {"url": "https://git.kernel.org/stable/c/dbc61834b0412435df21c71410562d933e4eba49"}, {"url": "https://git.kernel.org/stable/c/3ed049fbfb4d75b4e0b8ab54c934f485129d5dc8"}, {"url": "https://git.kernel.org/stable/c/382748c05e58a9f1935f5a653c352422375566ea"}], "title": "sched/deadline: only set free_cpus for online runqueues", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsched/deadline: only set free_cpus for online runqueues\n\nCommit 16b269436b72 (\"sched/deadline: Modify cpudl::free_cpus\nto reflect rd->online\") introduced the cpudl_set/clear_freecpu\nfunctions to allow the cpu_dl::free_cpus mask to be manipulated\nby the deadline scheduler class rq_on/offline callbacks so the\nmask would also reflect this state.\n\nCommit 9659e1eeee28 (\"sched/deadline: Remove cpu_active_mask\nfrom cpudl_find()\") removed the check of the cpu_active_mask to\nsave some processing on the premise that the cpudl::free_cpus\nmask already reflected the runqueue online state.\n\nUnfortunately, there are cases where it is possible for the\ncpudl_clear function to set the free_cpus bit for a CPU when the\ndeadline runqueue is offline. When this occurs while a CPU is\nconnected to the default root domain the flag may retain the bad\nstate after the CPU has been unplugged. Later, a different CPU\nthat is transitioning through the default root domain may push a\ndeadline task to the powered down CPU when cpudl_find sees its\nfree_cpus bit is set. If this happens the task will not have the\nopportunity to run.\n\nOne example is outlined here:\nhttps://lore.kernel.org/lkml/20250110233010.2339521-1-opendmb@gmail.com\n\nAnother occurs when the last deadline task is migrated from a\nCPU that has an offlined runqueue. The dequeue_task member of\nthe deadline scheduler class will eventually call cpudl_clear\nand set the free_cpus bit for the CPU.\n\nThis commit modifies the cpudl_clear function to be aware of the\nonline state of the deadline runqueue so that the free_cpus mask\ncan be updated appropriately.\n\nIt is no longer necessary to manage the mask outside of the\ncpudl_set/clear functions so the cpudl_set/clear_freecpu\nfunctions are removed. In addition, since the free_cpus mask is\nnow only updated under the cpudl lock the code was changed to\nuse the non-atomic __cpumask functions."}, {"lang": "es", "value": "En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\nsched/deadline: solo establecer free_cpus para runqueues en l\u00ednea\n\nEl commit 16b269436b72 ('sched/deadline: Modificar cpudl::free_cpus para reflejar rd->online') introdujo las funciones cpudl_set/clear_freecpu para permitir que la m\u00e1scara cpu_dl::free_cpus fuera manipulada por las devoluciones de llamada rq_on/offline de la clase de planificador de plazo para que la m\u00e1scara tambi\u00e9n reflejara este estado.\n\nEl commit 9659e1eeee28 ('sched/deadline: Eliminar cpu_active_mask de cpudl_find()') elimin\u00f3 la comprobaci\u00f3n de la cpu_active_mask para ahorrar algo de procesamiento bajo la premisa de que la m\u00e1scara cpudl::free_cpus ya reflejaba el estado en l\u00ednea del runqueue.\n\nDesafortunadamente, hay casos en los que es posible que la funci\u00f3n cpudl_clear establezca el bit free_cpus para una CPU cuando el runqueue de plazo est\u00e1 fuera de l\u00ednea. Cuando esto ocurre mientras una CPU est\u00e1 conectada al dominio ra\u00edz predeterminado, el indicador puede retener el estado incorrecto despu\u00e9s de que la CPU haya sido desconectada. M\u00e1s tarde, una CPU diferente que est\u00e1 en transici\u00f3n a trav\u00e9s del dominio ra\u00edz predeterminado puede empujar una tarea de plazo a la CPU apagada cuando cpudl_find ve que su bit free_cpus est\u00e1 establecido. Si esto sucede, la tarea no tendr\u00e1 la oportunidad de ejecutarse.\n\nUn ejemplo se describe aqu\u00ed:\nhttps://lore.kernel.org/lkml/20250110233010.2339521-1-opendmb@gmail.com\n\nOtro ocurre cuando la \u00faltima tarea de plazo es migrada de una CPU que tiene un runqueue fuera de l\u00ednea. El miembro dequeue_task de la clase de planificador de plazo eventualmente llamar\u00e1 a cpudl_clear y establecer\u00e1 el bit free_cpus para la CPU.\n\nEste commit modifica la funci\u00f3n cpudl_clear para que sea consciente del estado en l\u00ednea del runqueue de plazo para que la m\u00e1scara free_cpus pueda ser actualizada apropiadamente.\n\nYa no es necesario gestionar la m\u00e1scara fuera de las funciones cpudl_set/clear, por lo que las funciones cpudl_set/clear_freecpu son eliminadas. Adem\u00e1s, dado que la m\u00e1scara free_cpus ahora solo se actualiza bajo el bloqueo cpudl, el c\u00f3digo fue cambiado para usar las funciones no at\u00f3micas __cpumask."}], "id": "CVE-2025-68780", "lastModified": "2026-04-15T00:35:42.020", "metrics": {}, "published": "2026-01-13T16:15:57.657", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/382748c05e58a9f1935f5a653c352422375566ea"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/3ed049fbfb4d75b4e0b8ab54c934f485129d5dc8"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/9019e399684e3cc68c4a3f050e268f74d69c1317"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/91e448e69aca4bb0ba2e998eb3e555644db7322b"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/dbc61834b0412435df21c71410562d933e4eba49"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/fb36846cbcc936954f2ad2bffdff13d16c0be08a"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Deferred"}

{"bugzilla": {"description": "kernel: sched/deadline: only set free_cpus for online runqueues", "id": "2429029", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2429029"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\nsched/deadline: only set free_cpus for online runqueues\nCommit 16b269436b72 (\"sched/deadline: Modify cpudl::free_cpus\nto reflect rd->online\") introduced the cpudl_set/clear_freecpu\nfunctions to allow the cpu_dl::free_cpus mask to be manipulated\nby the deadline scheduler class rq_on/offline callbacks so the\nmask would also reflect this state.\nCommit 9659e1eeee28 (\"sched/deadline: Remove cpu_active_mask\nfrom cpudl_find()\") removed the check of the cpu_active_mask to\nsave some processing on the premise that the cpudl::free_cpus\nmask already reflected the runqueue online state.\nUnfortunately, there are cases where it is possible for the\ncpudl_clear function to set the free_cpus bit for a CPU when the\ndeadline runqueue is offline. When this occurs while a CPU is\nconnected to the default root domain the flag may retain the bad\nstate after the CPU has been unplugged. Later, a different CPU\nthat is transitioning through the default root domain may push a\ndeadline task to the powered down CPU when cpudl_find sees its\nfree_cpus bit is set. If this happens the task will not have the\nopportunity to run.\nOne example is outlined here:\nhttps://lore.kernel.org/lkml/20250110233010.2339521-1-opendmb@gmail.com\nAnother occurs when the last deadline task is migrated from a\nCPU that has an offlined runqueue. The dequeue_task member of\nthe deadline scheduler class will eventually call cpudl_clear\nand set the free_cpus bit for the CPU.\nThis commit modifies the cpudl_clear function to be aware of the\nonline state of the deadline runqueue so that the free_cpus mask\ncan be updated appropriately.\nIt is no longer necessary to manage the mask outside of the\ncpudl_set/clear functions so the cpudl_set/clear_freecpu\nfunctions are removed. In addition, since the free_cpus mask is\nnow only updated under the cpudl lock the code was changed to\nuse the non-atomic __cpumask functions."], "name": "CVE-2025-68780", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-01-13T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-68780\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-68780\nhttps://lore.kernel.org/linux-cve-announce/2026011300-CVE-2025-68780-f5c8@gregkh/T"], "threat_severity": "Low"}

{}