CVE-2025-37821

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A vulnerability in the Linux kernel has been resolved, which was caused by a code path in dequeue entities() that could set the slice of a sched entity to U64 MAX, resulting in a crash. The issue occurred when dequeue entities() was called to dequeue a delayed group entity, and then the entity's parent's dequeue was delayed. This led to a series of calculations that resulted in huge negative numbers, causing the pick eevdf() function to return NULL and the pick next entity() function to crash. The vulnerability was observed in production, with symptoms including huge virtual runtime ranges and bogus vlag values.

Recommendations To resolve the issue, update the dequeue entities() function to always set the slice from the first non-empty cfs rq. This fix ensures that the slice is properly updated, preventing the crash and other potential issues. At the moment, there is no information about a newer version that contains a fix for this vulnerability.