PT-2025-49090 · Linux+2 · Linux Kernel+2

Published

2025-11-19

Updated

2026-04-06

CVE-2025-40260

CVSS v2.0

4.3

Medium

Vector

AV:A/AC:H/Au:S/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A crash could occur in the scx enable() function when a helper kthread creation failed. This was observed during termination of the sched ext selftests runner with Ctrl+ while test 15 was running. The issue stemmed from kthread run worker() returning an error pointer on failure, which was not handled correctly in scx alloc and add sched(). This resulted in scx enable() dereferencing an error pointer. The fix involves propagating the error code in scx alloc and add sched() to the error path in scx enable(), preventing the dereference. The vulnerable function is scx enable().

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-388

Related Identifiers

BDU:2025-15946

CVE-2025-40260

USN-8094-1

USN-8094-2

USN-8094-3

USN-8094-4

USN-8094-5

USN-8152-1

Affected Products

Linuxmint

Linux Kernel

Ubuntu

PT-2025-49090 · Linux+2 · Linux Kernel+2

CVE-2025-40260

Weakness Enumeration

Related Identifiers

Affected Products

References · 213