{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-21T08:35:16.338","vulnerabilities":[{"cve":{"id":"CVE-2025-40260","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2025-12-04T16:16:19.927","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nsched_ext: Fix scx_enable() crash on helper kthread creation failure\n\nA crash was observed when the sched_ext selftests runner was\nterminated with Ctrl+\\ while test 15 was running:\n\nNIP [c00000000028fa58] scx_enable.constprop.0+0x358/0x12b0\nLR [c00000000028fa2c] scx_enable.constprop.0+0x32c/0x12b0\nCall Trace:\nscx_enable.constprop.0+0x32c/0x12b0 (unreliable)\nbpf_struct_ops_link_create+0x18c/0x22c\n__sys_bpf+0x23f8/0x3044\nsys_bpf+0x2c/0x6c\nsystem_call_exception+0x124/0x320\nsystem_call_vectored_common+0x15c/0x2ec\n\nkthread_run_worker() returns an ERR_PTR() on failure rather than NULL,\nbut the current code in scx_alloc_and_add_sched() only checks for a NULL\nhelper. Incase of failure on SIGQUIT, the error is not handled in\nscx_alloc_and_add_sched() and scx_enable() ends up dereferencing an\nerror pointer.\n\nError handling is fixed in scx_alloc_and_add_sched() to propagate\nPTR_ERR() into ret, so that scx_enable() jumps to the existing error\npath, avoiding random dereference on failure."}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/625e173e2a59b6cf6cbfb51c0a6bea47f3861eab","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/7b6216baae751369195fa3c83d434d23bcda406a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}}]}