CVE-2025-68780 Overview
A vulnerability has been identified in the Linux kernel's deadline scheduler (sched/deadline) where the cpudl::free_cpus mask can be incorrectly set for offline runqueues. This race condition occurs when the cpudl_clear function sets the free_cpus bit for a CPU whose deadline runqueue is offline, potentially causing deadline tasks to be pushed to powered-down CPUs where they cannot execute.
The vulnerability stems from changes introduced in commits 16b269436b72 and 9659e1eeee28, which modified how the scheduler handles CPU masks and removed certain safety checks. When a CPU is connected to the default root domain with an incorrect flag state, tasks may be migrated to unavailable CPUs, resulting in task starvation.
Critical Impact
Deadline tasks may be scheduled to offline CPUs, preventing critical real-time workloads from executing and potentially causing system stability issues in environments relying on deadline scheduling guarantees.
Affected Products
- Linux Kernel (versions with deadline scheduler using cpudl::free_cpus mask)
- Systems utilizing CPU hotplug with deadline-scheduled real-time tasks
- Multi-processor environments with dynamic CPU online/offline operations
Discovery Timeline
- 2025-01-13 - CVE CVE-2025-68780 published to NVD
- 2025-01-13 - Last updated in NVD database
Technical Details for CVE-2025-68780
Vulnerability Analysis
The vulnerability exists in the Linux kernel's deadline scheduler, specifically in how the cpudl::free_cpus CPU mask is managed during CPU hotplug operations. The deadline scheduler uses this mask to track which CPUs are available for accepting pushed deadline tasks.
The root issue occurs when the cpudl_clear function is called while a CPU's deadline runqueue is offline. In this scenario, the function incorrectly sets the free_cpus bit for that CPU. If this happens while the CPU is connected to the default root domain, the incorrect flag state can persist even after the CPU has been unplugged.
Subsequently, when another CPU transitions through the default root domain and attempts to find a target for pushing a deadline task, the cpudl_find function sees the stale free_cpus bit and may select the powered-down CPU as a migration target. Since the target CPU is offline, the task cannot run, effectively causing task starvation.
Root Cause
The root cause is the lack of runqueue online state awareness in the cpudl_clear function. Prior to the fix, this function would unconditionally set the free_cpus bit without verifying whether the deadline runqueue was actually online. This oversight was introduced when commit 9659e1eeee28 removed the cpu_active_mask check from cpudl_find, relying on the assumption that cpudl::free_cpus would accurately reflect the runqueue online state.
The fix modifies cpudl_clear to check the online state of the deadline runqueue before updating the free_cpus mask, and consolidates mask management under the cpudl lock using non-atomic __cpumask functions.
Attack Vector
This vulnerability is triggered through normal system operations involving CPU hotplug and deadline task migration:
- A CPU with an offlined deadline runqueue remains connected to the default root domain
- The last deadline task on that CPU is migrated away, causing dequeue_task to call cpudl_clear
- cpudl_clear incorrectly sets the free_cpus bit for the offline CPU
- The CPU is subsequently unplugged while retaining the incorrect flag state
- Another CPU attempts to push a deadline task and selects the offline CPU via cpudl_find
- The task is pushed to the unavailable CPU and cannot execute
The vulnerability manifests in the runqueue management and task migration logic. For detailed technical analysis, see the kernel mailing list discussion and the associated kernel patch commits.
Detection Methods for CVE-2025-68780
Indicators of Compromise
- Deadline-scheduled tasks showing unexpected latency or failing to execute
- Real-time workloads experiencing task starvation during CPU hotplug events
- Kernel logs showing task migration to CPUs that are subsequently offline
- Scheduling anomalies correlating with dynamic CPU online/offline operations
Detection Strategies
- Monitor for deadline task scheduling failures using ftrace or perf with sched_deadline events
- Implement watchdog mechanisms for critical deadline tasks to detect execution delays
- Use kernel tracing to monitor cpudl_clear and cpudl_find function calls during CPU hotplug
- Review system logs for anomalies in CPU migration patterns during power management events
Monitoring Recommendations
- Enable deadline scheduler debugging options in development environments to capture scheduling decisions
- Implement automated testing for CPU hotplug scenarios with deadline-scheduled workloads
- Configure alerting for unexpected task latency in systems using real-time scheduling
- Use SentinelOne Singularity Platform to monitor kernel-level scheduling anomalies and system integrity
How to Mitigate CVE-2025-68780
Immediate Actions Required
- Apply the kernel patches from the stable kernel tree to affected systems
- Minimize CPU hotplug operations on systems running critical deadline-scheduled workloads until patched
- Consider pinning deadline tasks to specific CPUs that will remain online during the maintenance window
- Review and test real-time workload behavior after applying kernel updates
Patch Information
The vulnerability has been addressed in the stable Linux kernel tree. Multiple patches are available:
- Kernel Git Commit Patch 1
- Kernel Git Commit Patch 2
- Kernel Git Commit Patch 3
- Kernel Git Commit Patch 4
- Kernel Git Commit Patch 5
The fix modifies cpudl_clear to be aware of the deadline runqueue online state and removes the now-unnecessary cpudl_set/clear_freecpu helper functions. The free_cpus mask updates are now performed under the cpudl lock using non-atomic __cpumask functions.
Workarounds
- Avoid CPU hotplug operations during critical deadline workload execution windows
- Use CPU isolation (isolcpus) to dedicate specific CPUs to deadline tasks and exclude them from hotplug
- Implement application-level redundancy for deadline-critical tasks across multiple CPUs
- Consider disabling CPU power management features that trigger automatic CPU online/offline transitions
# Workaround: Isolate CPUs for deadline tasks (kernel boot parameter)
# Add to GRUB_CMDLINE_LINUX in /etc/default/grub
isolcpus=2,3 nohz_full=2,3 rcu_nocbs=2,3
# Update grub configuration
update-grub
# Alternatively, use cgroups to pin deadline tasks to specific CPUs
# Create a cpuset for deadline tasks
mkdir /sys/fs/cgroup/cpuset/deadline_tasks
echo 2-3 > /sys/fs/cgroup/cpuset/deadline_tasks/cpuset.cpus
echo 0 > /sys/fs/cgroup/cpuset/deadline_tasks/cpuset.mems
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
