CVE-2025-68780

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contains a flaw within the scheduler/deadline component. A correction ensures that the free cpus bit is only set for online runqueues. A previous commit introduced functions to manipulate the cpu dl::free cpus mask, and a subsequent commit removed a check of the cpu active mask. This resulted in a scenario where the free cpus bit could be incorrectly set for a CPU when the deadline runqueue is offline, potentially leading to tasks being scheduled on powered-down CPUs. The issue arises when a CPU transitions through the default root domain or when the last deadline task is migrated from a CPU with an offlined runqueue. The correction modifies the cpudl clear function to consider the online state of the deadline runqueue, ensuring appropriate updates to the free cpus mask. The cpudl set/clear freecpu functions have been removed, and the code now utilizes non-atomic cpumask functions due to the mask being updated under the cpudl lock.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.