DEBIAN-CVE-2025-39780
- Source
- https://security-tracker.debian.org/tracker/CVE-2025-39780
- Import Source
- https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2025-39780.json
- JSON Data
- https://api.osv.dev/v1/vulns/DEBIAN-CVE-2025-39780
- Upstream
- Published
- 2025-09-11T17:15:43Z
- Modified
- 2025-09-30T05:20:35.466554Z
- Summary
- [none]
- Details
-
In the Linux kernel, the following vulnerability has been resolved: sched/ext: Fix invalid task state transitions on class switch When enabling a schedext scheduler, we may trigger invalid task state transitions, resulting in warnings like the following (which can be easily reproduced by running the hotplug selftest in a loop): schedext: Invalid task state transition 0 -> 3 for fish[770] WARNING: CPU: 18 PID: 787 at kernel/sched/ext.c:3862 scxsettaskstate+0x7c/0xc0 ... RIP: 0010:scxsettaskstate+0x7c/0xc0 ... Call Trace: <TASK> scxenabletask+0x11f/0x2e0 switchingtoscx+0x24/0x110 scxenable.isra.0+0xd14/0x13d0 bpfstructopslinkcreate+0x136/0x1a0 _sysbpf+0x1edd/0x2c30 _x64sysbpf+0x21/0x30 dosyscall64+0xbb/0x370 entrySYSCALL64afterhwframe+0x77/0x7f This happens because we skip initialization for tasks that are already dead (with their usage counter set to zero), but we don't exclude them during the scheduling class transition phase. Fix this by also skipping dead tasks during class swiching, preventing invalid task state transitions.
- References
Affected packages
Debian:13 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Debian:14 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed6.16.5-1