Skip to main content
CVE Vulnerability Database
Vulnerability Database/CVE-2025-68780

CVE-2025-68780: Linux Kernel Scheduler DoS Vulnerability

CVE-2025-68780 is a denial of service flaw in the Linux kernel deadline scheduler that can cause tasks to be pushed to offline CPUs. This article covers the technical details, affected versions, and mitigation steps.

Updated:

CVE-2025-68780 Overview

CVE-2025-68780 is a Linux kernel vulnerability in the deadline scheduler (sched/deadline) subsystem. The flaw allows the cpu_dl::free_cpus mask to incorrectly indicate that an offline CPU runqueue is available for deadline task placement. When this state persists after a CPU is unplugged, the scheduler may push a deadline task to a powered-down CPU, preventing the task from running.

The issue affects systems that use CPU hotplug operations together with the deadline scheduling class, including real-time workloads that rely on SCHED_DEADLINE tasks. The bug results in scheduling correctness failures rather than memory corruption.

Critical Impact

Deadline tasks can be pushed to offline CPUs and fail to execute, producing missed deadlines, hung real-time workloads, and potential denial of service for time-critical processes.

Affected Products

  • Linux kernel versions containing commit 16b269436b72 ("sched/deadline: Modify cpudl::free_cpus to reflect rd->online") and commit 9659e1eeee28 ("sched/deadline: Remove cpu_active_mask from cpudl_find()")
  • Linux distributions shipping affected stable kernel branches
  • Systems running real-time or deadline-scheduled workloads with CPU hotplug enabled

Discovery Timeline

  • 2026-01-13 - CVE-2025-68780 published to NVD
  • 2026-04-15 - Last updated in NVD database

Technical Details for CVE-2025-68780

Vulnerability Analysis

The Linux deadline scheduler tracks CPUs available for deadline task placement using the cpu_dl::free_cpus bitmask. The cpudl_find() function consults this mask to select a target CPU when pushing a deadline task. Earlier optimizations removed the cpu_active_mask check from cpudl_find() based on the assumption that free_cpus always reflected the runqueue online state.

That assumption does not hold. The cpudl_clear() function can set the free_cpus bit for a CPU whose deadline runqueue is offline. If the CPU is attached to the default root domain at the time, the stale bit persists after the CPU is unplugged. A later push from a different CPU may then select the offlined target, and the migrated deadline task never runs.

A second trigger occurs when the last deadline task is migrated away from a CPU with an offline runqueue. The deadline class dequeue_task callback eventually calls cpudl_clear(), which sets the free_cpus bit despite the runqueue being offline.

Root Cause

The root cause is a state synchronization defect [CWE-662] between the cpu_dl::free_cpus mask and the deadline runqueue online state. The cpudl_set_freecpu and cpudl_clear_freecpu helpers manipulated the mask outside of the cpudl lock, allowing the mask to diverge from the runqueue state across hotplug and root domain transitions.

Attack Vector

This vulnerability is not a remote attack vector. It is a correctness defect triggered by legitimate kernel operations: CPU hotplug events, root domain reconfiguration, and migration of SCHED_DEADLINE tasks. A local workload that combines deadline tasks with CPU online/offline transitions can reproduce the inconsistent state and observe deadline tasks that fail to execute.

The fix modifies cpudl_clear() to check the online state of the deadline runqueue before updating free_cpus. The cpudl_set_freecpu and cpudl_clear_freecpu helpers are removed because the mask is now only updated under the cpudl lock, allowing the code to switch to the non-atomic __cpumask variants. See the upstream commits referenced in Linux Kernel Commit 382748c and Linux Kernel Commit fb36846 for the exact code changes.

Detection Methods for CVE-2025-68780

Indicators of Compromise

  • Deadline tasks (SCHED_DEADLINE policy) that remain runnable but never get CPU time after a hotplug event
  • Kernel logs showing CPU offline transitions immediately followed by missed deadline reports from real-time workloads
  • chrt -d or sched_setattr() workloads stalling on systems that exercise cpu hotplug through /sys/devices/system/cpu/cpuN/online

Detection Strategies

  • Inventory running kernels against the fixed stable commits and flag hosts pinned to vulnerable versions
  • Audit workloads for use of SCHED_DEADLINE combined with CPU hotplug automation, container CPU pinning changes, or power management daemons
  • Correlate deadline task stalls with cpu_hotplug and sched_domain events in ftrace or perf sched traces

Monitoring Recommendations

  • Enable sched_switch, sched_migrate_task, and cpuhp_enter tracepoints to identify deadline tasks migrated to offline CPUs
  • Alert on SCHED_DEADLINE tasks whose last_run timestamp exceeds their period while the task remains in the runnable state
  • Track kernel version drift across the fleet so unpatched stable branches are visible in asset inventory

How to Mitigate CVE-2025-68780

Immediate Actions Required

  • Update to a Linux stable kernel that includes one of the fix commits: 382748c, 3ed049f, 9019e39, 91e448e, dbc6183, or fb36846
  • Prioritize patching hosts running real-time workloads or container platforms that perform frequent CPU hotplug operations
  • Validate distribution kernel package versions against vendor advisories before scheduling reboots

Patch Information

The fix is delivered through the following upstream commits: Linux Kernel Commit 382748c, Linux Kernel Commit 3ed049f, Linux Kernel Commit 9019e39, Linux Kernel Commit 91e448e, Linux Kernel Commit dbc6183, and Linux Kernel Commit fb36846. The patch makes cpudl_clear() aware of the deadline runqueue online state and removes the now-unnecessary cpudl_set/clear_freecpu helpers.

Workarounds

  • Avoid CPU hotplug operations on systems running SCHED_DEADLINE workloads until the kernel is patched
  • Pin deadline tasks to a stable set of CPUs that are not subject to online/offline transitions using sched_setaffinity()
  • Disable CPU hotplug automation in power management or orchestration agents on affected hosts
bash
# Verify the running kernel version and confirm the fix is present
uname -r

# Check which CPUs are currently online before scheduling deadline workloads
cat /sys/devices/system/cpu/online

# Pin a deadline task to a known-online CPU set as a temporary workaround
taskset -c 0-3 chrt -d --sched-runtime 10000000 \
  --sched-deadline 30000000 --sched-period 30000000 0 ./realtime_app

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

Default Legacy - Prefooter | Experience the World’s Most Advanced Cybersecurity Platform

Experience the Most Advanced Cybersecurity Platform

See how the world’s most intelligent, autonomous cybersecurity platform can protect your organization today and into the future.