CVE-2025-39780

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2025-39780
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-39780.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-39780
Downstream
Published
2025-09-11T16:56:31Z
Modified
2025-10-16T04:48:42.936946Z
Summary
sched/ext: Fix invalid task state transitions on class switch
Details

In the Linux kernel, the following vulnerability has been resolved:

sched/ext: Fix invalid task state transitions on class switch

When enabling a sched_ext scheduler, we may trigger invalid task state transitions, resulting in warnings like the following (which can be easily reproduced by running the hotplug selftest in a loop):

schedext: Invalid task state transition 0 -> 3 for fish[770] WARNING: CPU: 18 PID: 787 at kernel/sched/ext.c:3862 scxsettaskstate+0x7c/0xc0 ... RIP: 0010:scxsettaskstate+0x7c/0xc0 ... Call Trace: <TASK> scxenabletask+0x11f/0x2e0 switchingtoscx+0x24/0x110 scxenable.isra.0+0xd14/0x13d0 bpfstructopslinkcreate+0x136/0x1a0 _sysbpf+0x1edd/0x2c30 _x64sysbpf+0x21/0x30 dosyscall64+0xbb/0x370 entrySYSCALL64after_hwframe+0x77/0x7f

This happens because we skip initialization for tasks that are already dead (with their usage counter set to zero), but we don't exclude them during the scheduling class transition phase.

Fix this by also skipping dead tasks during class swiching, preventing invalid task state transitions.

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
a8532fac7b5d27b8d62008a89593dccb6f9786ef
Fixed
786f6314604b34c3e7de5f733f4e08e35c448a50
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
a8532fac7b5d27b8d62008a89593dccb6f9786ef
Fixed
6a32cbe95029ebe21cc08349fd7ef2a3d32d2043
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
a8532fac7b5d27b8d62008a89593dccb6f9786ef
Fixed
ddf7233fcab6c247379d0928d46cc316ee122229

Affected versions

v6.*

v6.11
v6.11-rc2
v6.11-rc3
v6.11-rc4
v6.11-rc5
v6.11-rc6
v6.11-rc7
v6.12
v6.12-rc1
v6.12-rc2
v6.12-rc3
v6.12-rc4
v6.12-rc5
v6.12-rc6
v6.12-rc7
v6.12.1
v6.12.10
v6.12.11
v6.12.12
v6.12.13
v6.12.14
v6.12.15
v6.12.16
v6.12.17
v6.12.18
v6.12.19
v6.12.2
v6.12.20
v6.12.21
v6.12.22
v6.12.23
v6.12.24
v6.12.25
v6.12.26
v6.12.27
v6.12.28
v6.12.29
v6.12.3
v6.12.30
v6.12.31
v6.12.32
v6.12.33
v6.12.34
v6.12.35
v6.12.36
v6.12.37
v6.12.38
v6.12.39
v6.12.4
v6.12.40
v6.12.41
v6.12.42
v6.12.43
v6.12.5
v6.12.6
v6.12.7
v6.12.8
v6.12.9
v6.13
v6.13-rc1
v6.13-rc2
v6.13-rc3
v6.13-rc4
v6.13-rc5
v6.13-rc6
v6.13-rc7
v6.14
v6.14-rc1
v6.14-rc2
v6.14-rc3
v6.14-rc4
v6.14-rc5
v6.14-rc6
v6.14-rc7
v6.15
v6.15-rc1
v6.15-rc2
v6.15-rc3
v6.15-rc4
v6.15-rc5
v6.15-rc6
v6.15-rc7
v6.16
v6.16-rc1
v6.16-rc2
v6.16-rc3
v6.16-rc4
v6.16-rc5
v6.16-rc6
v6.16-rc7
v6.16.1
v6.16.2
v6.16.3
v6.17-rc1

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.12.0
Fixed
6.12.44
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.16.4