CVE - CVE-2025-21919

CVE-ID
CVE-2025-21919	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
In the Linux kernel, the following vulnerability has been resolved: sched/fair: Fix potential memory corruption in child_cfs_rq_on_list child_cfs_rq_on_list attempts to convert a 'prev' pointer to a cfs_rq. This 'prev' pointer can originate from struct rq's leaf_cfs_rq_list, making the conversion invalid and potentially leading to memory corruption. Depending on the relative positions of leaf_cfs_rq_list and the task group (tg) pointer within the struct, this can cause a memory fault or access garbage data. The issue arises in list_add_leaf_cfs_rq, where both cfs_rq->leaf_cfs_rq_list and rq->leaf_cfs_rq_list are added to the same leaf list. Also, rq->tmp_alone_branch can be set to rq->leaf_cfs_rq_list. This adds a check `if (prev == &rq->leaf_cfs_rq_list)` after the main conditional in child_cfs_rq_on_list. This ensures that the container_of operation will convert a correct cfs_rq struct. This check is sufficient because only cfs_rqs on the same CPU are added to the list, so verifying the 'prev' pointer against the current rq's list head is enough. Fixes a potential memory corruption issue that due to current struct layout might not be manifesting as a crash but could lead to unpredictable behavior when the layout changes.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:https://git.kernel.org/stable/c/000c9ee43928f2ce68a156dd40bab7616256f4dd URL:https://git.kernel.org/stable/c/000c9ee43928f2ce68a156dd40bab7616256f4dd MISC:https://git.kernel.org/stable/c/3b4035ddbfc8e4521f85569998a7569668cccf51 URL:https://git.kernel.org/stable/c/3b4035ddbfc8e4521f85569998a7569668cccf51 MISC:https://git.kernel.org/stable/c/5cb300dcdd27e6a351ac02541e0231261c775852 URL:https://git.kernel.org/stable/c/5cb300dcdd27e6a351ac02541e0231261c775852 MISC:https://git.kernel.org/stable/c/9cc7f0018609f75a349e42e3aebc3b0e905ba775 URL:https://git.kernel.org/stable/c/9cc7f0018609f75a349e42e3aebc3b0e905ba775 MISC:https://git.kernel.org/stable/c/b5741e4b9ef3567613b2351384f91d3f16e59986 URL:https://git.kernel.org/stable/c/b5741e4b9ef3567613b2351384f91d3f16e59986 MISC:https://git.kernel.org/stable/c/e1dd09df30ba86716cb2ffab97dc35195c01eb8f URL:https://git.kernel.org/stable/c/e1dd09df30ba86716cb2ffab97dc35195c01eb8f
Assigning CNA
kernel.org
Date Record Created
20241229	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20241229)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)