{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-38522","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-04-16T04:51:24.023Z","datePublished":"2025-08-16T11:12:11.304Z","dateUpdated":"2026-05-11T21:29:39.044Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T21:29:39.044Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nsched/ext: Prevent update_locked_rq() calls with NULL rq\n\nAvoid invoking update_locked_rq() when the runqueue (rq) pointer is NULL\nin the SCX_CALL_OP and SCX_CALL_OP_RET macros.\n\nPreviously, calling update_locked_rq(NULL) with preemption enabled could\ntrigger the following warning:\n\n    BUG: using __this_cpu_write() in preemptible [00000000]\n\nThis happens because __this_cpu_write() is unsafe to use in preemptible\ncontext.\n\nrq is NULL when an ops invoked from an unlocked context. In such cases, we\ndon't need to store any rq, since the value should already be NULL\n(unlocked). Ensure that update_locked_rq() is only called when rq is\nnon-NULL, preventing calling __this_cpu_write() on preemptible context."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["kernel/sched/ext.c"],"versions":[{"version":"18853ba782bef65fc81ef2b3370382e5b479c5eb","lessThan":"237c43037b336e36a49eb9f2daac1c7719ec7f8b","status":"affected","versionType":"git"},{"version":"18853ba782bef65fc81ef2b3370382e5b479c5eb","lessThan":"e14fd98c6d66cb76694b12c05768e4f9e8c95664","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["kernel/sched/ext.c"],"versions":[{"version":"6.15","status":"affected"},{"version":"0","lessThan":"6.15","status":"unaffected","versionType":"semver"},{"version":"6.15.8","lessThanOrEqual":"6.15.*","status":"unaffected","versionType":"semver"},{"version":"6.16","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.15","versionEndExcluding":"6.15.8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.15","versionEndExcluding":"6.16"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/237c43037b336e36a49eb9f2daac1c7719ec7f8b"},{"url":"https://git.kernel.org/stable/c/e14fd98c6d66cb76694b12c05768e4f9e8c95664"}],"title":"sched/ext: Prevent update_locked_rq() calls with NULL rq","x_generator":{"engine":"bippy-1.2.0"}}}}