CVE-2025-38522
📋 TL;DR
A NULL pointer dereference vulnerability in the Linux kernel's scheduler extension (SCX) subsystem could cause a kernel warning or system instability when certain scheduler operations are called from unlocked contexts. This affects Linux systems using the sched_ext scheduler extension feature. The vulnerability requires local access to trigger.
💻 Affected Systems
- Linux Kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Kernel panic or system crash leading to denial of service, potentially disrupting critical services on affected systems.
Likely Case
Kernel warning message in system logs and minor system instability, but unlikely to cause full system crashes in most scenarios.
If Mitigated
No impact if the system is not using sched_ext scheduler extensions or has proper access controls preventing local exploitation.
🎯 Exploit Status
Exploitation requires local access and knowledge of how to trigger specific scheduler operations from unlocked contexts. No known public exploits exist.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Linux kernel with commits 237c43037b336e36a49eb9f2daac1c7719ec7f8b and e14fd98c6d66cb76694b12c05768e4f9e8c95664 applied
Vendor Advisory: https://git.kernel.org/stable/c/237c43037b336e36a49eb9f2daac1c7719ec7f8b
Restart Required: Yes
Instructions:
1. Update to a patched Linux kernel version from your distribution vendor.
2. Reboot the system to load the new kernel.
3. Verify the fix is applied by checking kernel version or commit hash.
🔧 Temporary Workarounds
Disable sched_ext scheduler extensions
Linux
Prevent exploitation by disabling the vulnerable scheduler extension subsystem
echo 'blacklist sched_ext' >> /etc/modprobe.d/blacklist.conf
update-initramfs -u
reboot
🧯 If You Can't Patch
- Restrict local user access to systems using sched_ext scheduler extensions
- Implement monitoring for kernel warning messages related to scheduler operations
🔍 How to Verify
Check if Vulnerable:
Check if sched_ext is enabled: 'lsmod | grep sched_ext' and check kernel version against vulnerable versions
Check Version:
uname -r
Verify Fix Applied:
Verify kernel version includes the fix commits: 'uname -r' and check with distribution vendor for patch status
📡 Detection & Monitoring
Log Indicators:
- Kernel warning messages containing 'BUG: using __this_cpu_write() in preemptible' or scheduler-related warnings
Network Indicators:
- None - local vulnerability only
SIEM Query:
source="kernel" AND ("__this_cpu_write" OR "sched_ext" OR "update_locked_rq")
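The indicators above, applied to kernel log text as an added example (not part of the original advisory): the function separates the specific BUG string from the broader query terms, which also match routine sched_ext messages. The sample log lines and the scheduler name `example_sched` are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the advisory): triage kernel log text against the
# indicators listed under "Log Indicators" and "SIEM Query".

# Constructed sample log lines, for demonstration only.
scx_sample_log() {
    cat <<'EOF'
[  101.000001] sched_ext: BPF scheduler "example_sched" enabled
[  245.120034] BUG: using __this_cpu_write() in preemptible [00000000] code: example/4321
[  245.120051] caller is update_locked_rq+0x10/0x40
[  245.120077] CPU: 2 PID: 4321 Comm: example Not tainted
[  300.500000] usb 1-1: new high-speed USB device number 3 using xhci_hcd
EOF
}

# scx_triage [FILE...]  (reads stdin when no file is given)
# alert   = the specific BUG string; these lines are printed.
# context = the other query terms; they also match routine scheduler
#           messages, so they are counted but not printed.
scx_triage() {
    awk '
        index($0, "BUG: using __this_cpu_write() in preemptible") {
            alert++; print "ALERT: " $0; next
        }
        index($0, "update_locked_rq") || index($0, "sched_ext") { context++ }
        END { printf "alert=%d context=%d\n", alert, context }
    ' "$@"
}

# Run against the constructed sample.
scx_sample_log | scx_triage
```

On a live host, feed it the kernel log instead, for example `dmesg | scx_triage` or `journalctl -k --no-pager | scx_triage`.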