CVE-2025-38012

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A vulnerability in the Linux kernel has been identified where BPF programs may call next() and destroy() on BPF iterators even after new() returns an error value. This could cause bpf iter scx dsq new() to leave the iterator in an uninitialized state, leading to bpf iter scx dsq next() dereferencing garbage data. The issue is resolved by making bpf iter scx dsq new() always clear $kit->dsq, ensuring next() and destroy() become noops.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.