Linux Kernel Vulnerability in Runqueue Management
CVE-2025-38522
Currently unrated
What is CVE-2025-38522?
A vulnerability has been identified in the Linux kernel involving unsafe handling of the runqueue pointer (rq) in preemptible contexts. Specifically, the risk arises when update_locked_rq() is invoked with a NULL rq, which can lead to system instability. The fix ensures that update_locked_rq() is called only when rq is valid, which guards against the risks of invoking certain operations while preemptible and improves the reliability and security of Linux systems.
Affected Version(s)
Linux 18853ba782bef65fc81ef2b3370382e5b479c5eb < 237c43037b336e36a49eb9f2daac1c7719ec7f8b
Linux 18853ba782bef65fc81ef2b3370382e5b479c5eb
Linux 6.15