[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2025-38234":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-04T08:53:30.047Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":28,"aliases":29,"duplicate_of":9,"upstream":30,"downstream":31,"duplicates":128,"related":129,"reserved_at":9,"published_at":152,"modified_at":153,"state":154,"summary":155,"references_raw":164,"kevs":183,"epss":184,"epss_history":187,"metrics":441,"affected":447},"CVE-2025-38234","In the Linux kernel, the following vulnerability has been resolved:\n\nsched/rt: Fix race in push_rt_task\n\nOverview\n========\nWhen a CPU chooses to call push_rt_task and picks a task to push to\nanother CPU's runqueue then it will call find_lock_lowest_rq method\nwhich would take a double lock on both CPUs' runqueues. If one of the\nlocks aren't readily available, it may lead to dropping the current\nrunqueue lock and reacquiring both the locks at once. During this window\nit is possible that the task is already migrated and is running on some\nother CPU. These cases are already handled. However, if the task is\nmigrated and has already been executed and another CPU is now trying to\nwake it up (ttwu) such that it is queued again on the runqeue\n(on_rq is 1) and also if the task was run by the same CPU, then the\ncurrent checks will pass even though the task was migrated out and is no\nlonger in the pushable tasks list.\n\nCrashes\n=======\nThis bug resulted in quite a few flavors of crashes triggering kernel\npanics with various crash signatures such as assert failures, page\nfaults, null pointer dereferences, and queue corruption errors all\ncoming from scheduler itself.\n\nSome of the crashes:\n-> kernel BUG at kernel/sched/rt.c:1616! BUG_ON(idx >= MAX_RT_PRIO)\n   Call Trace:\n   ? __die_body+0x1a/0x60\n   ? die+0x2a/0x50\n   ? do_trap+0x85/0x100\n   ? pick_next_task_rt+0x6e/0x1d0\n   ? do_error_trap+0x64/0xa0\n   ? pick_next_task_rt+0x6e/0x1d0\n   ? exc_invalid_op+0x4c/0x60\n   ? pick_next_task_rt+0x6e/0x1d0\n   ? asm_exc_invalid_op+0x12/0x20\n   ? pick_next_task_rt+0x6e/0x1d0\n   __schedule+0x5cb/0x790\n   ? update_ts_time_stats+0x55/0x70\n   schedule_idle+0x1e/0x40\n   do_idle+0x15e/0x200\n   cpu_startup_entry+0x19/0x20\n   start_secondary+0x117/0x160\n   secondary_startup_64_no_verify+0xb0/0xbb\n\n-> BUG: kernel NULL pointer dereference, address: 00000000000000c0\n   Call Trace:\n   ? __die_body+0x1a/0x60\n   ? no_context+0x183/0x350\n   ? __warn+0x8a/0xe0\n   ? exc_page_fault+0x3d6/0x520\n   ? asm_exc_page_fault+0x1e/0x30\n   ? pick_next_task_rt+0xb5/0x1d0\n   ? pick_next_task_rt+0x8c/0x1d0\n   __schedule+0x583/0x7e0\n   ? update_ts_time_stats+0x55/0x70\n   schedule_idle+0x1e/0x40\n   do_idle+0x15e/0x200\n   cpu_startup_entry+0x19/0x20\n   start_secondary+0x117/0x160\n   secondary_startup_64_no_verify+0xb0/0xbb\n\n-> BUG: unable to handle page fault for address: ffff9464daea5900\n   kernel BUG at kernel/sched/rt.c:1861! BUG_ON(rq->cpu != task_cpu(p))\n\n-> kernel BUG at kernel/sched/rt.c:1055! BUG_ON(!rq->nr_running)\n   Call Trace:\n   ? __die_body+0x1a/0x60\n   ? die+0x2a/0x50\n   ? do_trap+0x85/0x100\n   ? dequeue_top_rt_rq+0xa2/0xb0\n   ? do_error_trap+0x64/0xa0\n   ? dequeue_top_rt_rq+0xa2/0xb0\n   ? exc_invalid_op+0x4c/0x60\n   ? dequeue_top_rt_rq+0xa2/0xb0\n   ? asm_exc_invalid_op+0x12/0x20\n   ? dequeue_top_rt_rq+0xa2/0xb0\n   dequeue_rt_entity+0x1f/0x70\n   dequeue_task_rt+0x2d/0x70\n   __schedule+0x1a8/0x7e0\n   ? blk_finish_plug+0x25/0x40\n   schedule+0x3c/0xb0\n   futex_wait_queue_me+0xb6/0x120\n   futex_wait+0xd9/0x240\n   do_futex+0x344/0xa90\n   ? get_mm_exe_file+0x30/0x60\n   ? audit_exe_compare+0x58/0x70\n   ? audit_filter_rules.constprop.26+0x65e/0x1220\n   __x64_sys_futex+0x148/0x1f0\n   do_syscall_64+0x30/0x80\n   entry_SYSCALL_64_after_hwframe+0x62/0xc7\n\n-> BUG: unable to handle page fault for address: ffff8cf3608bc2c0\n   Call Trace:\n   ? __die_body+0x1a/0x60\n   ? no_context+0x183/0x350\n   ? spurious_kernel_fault+0x171/0x1c0\n   ? exc_page_fault+0x3b6/0x520\n   ? plist_check_list+0x15/0x40\n   ? plist_check_list+0x2e/0x40\n   ? asm_exc_page_fault+0x1e/0x30\n   ? _cond_resched+0x15/0x30\n   ? futex_wait_queue_me+0xc8/0x120\n   ? futex_wait+0xd9/0x240\n   ? try_to_wake_up+0x1b8/0x490\n   ? futex_wake+0x78/0x160\n   ? do_futex+0xcd/0xa90\n   ? plist_check_list+0x15/0x40\n   ? plist_check_list+0x2e/0x40\n   ? plist_del+0x6a/0xd0\n   ? plist_check_list+0x15/0x40\n   ? plist_check_list+0x2e/0x40\n   ? dequeue_pushable_task+0x20/0x70\n   ? __schedule+0x382/0x7e0\n   ? asm_sysvec_reschedule_i\n---truncated---",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-362","Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.","weakness","Draft","Class","Medium",[20,24],{"id":21,"name":22,"techniques":23},"CAPEC-26","Leveraging Race Conditions",[],{"id":25,"name":26,"techniques":27},"CAPEC-29","Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions",[],[],[],[],[32,34,36,38,40,42,44,46,48,50,52,54,56,58,60,62,64,66,68,70,72,74,76,78,80,82,84,86,88,90,92,94,96,98,100,102,104,106,108,110,112,114,116,118,120,122,124,126],{"_key":33},"SUSE-SU-2025:3725-1",{"_key":35},"SUSE-SU-2025:3751-1",{"_key":37},"DSA-6126-1",{"_key":39},"RHSA-2025:8246",{"_key":41},"RHSA-2025:8247",{"_key":43},"SUSE-SU-2025:03601-1",{"_key":45},"SUSE-SU-2025:03633-1",{"_key":47},"SUSE-SU-2025:20851-1",{"_key":49},"SUSE-SU-2025:20861-1",{"_key":51},"SUSE-SU-2025:20870-1",{"_key":53},"SUSE-SU-2025:20898-1",{"_key":55},"SUSE-SU-2025:21074-1",{"_key":57},"SUSE-SU-2025:21139-1",{"_key":59},"SUSE-SU-2025:21179-1",{"_key":61},"SUSE-SU-2025:03600-1",{"_key":63},"SUSE-SU-2025:03634-1",{"_key":65},"OPENSUSE-SU-2025:20081-1",{"_key":67},"SUSE-SU-2026:1342-1",{"_key":69},"SUSE-SU-2026:1575-1",{"_key":71},"SUSE-SU-2026:1574-1",{"_key":73},"SUSE-SU-2026:1563-1",{"_key":75},"SUSE-SU-2026:1557-1",{"_key":77},"SUSE-SU-2026:1606-1",{"_key":79},"DEBIAN-CVE-2025-38234",{"_key":81},"RHSA-2025:9584",{"_key":83},"RHSA-2025:20095",{"_key":85},"RHSA-2025:9348",{"_key":87},"RHSA-2025:20518",{"_key":89},"UBUNTU-CVE-2025-38234",{"_key":91},"USN-7833-1",{"_key":93},"USN-7833-2",{"_key":95},"USN-7833-3",{"_key":97},"USN-7833-4",{"_key":99},"USN-7834-1",{"_key":101},"USN-7856-1",{"_key":103},"USN-8179-1",{"_key":105},"USN-8179-2",{"_key":107},"USN-8179-3",{"_key":109},"USN-8179-4",{"_key":111},"USN-8184-1",{"_key":113},"USN-8185-1",{"_key":115},"USN-8185-2",{"_key":117},"USN-8203-1",{"_key":119},"USN-8204-1",{"_key":121},"USN-8258-1",{"_key":123},"USN-8260-1",{"_key":125},"USN-8261-1",{"_key":127},"USN-8265-1",[],[130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150],{"_key":33},{"_key":35},{"_key":43},{"_key":45},{"_key":47},{"_key":49},{"_key":51},{"_key":53},{"_key":55},{"_key":57},{"_key":59},{"_key":61},{"_key":63},{"_key":65},{"_key":67},{"_key":69},{"_key":71},{"_key":73},{"_key":75},{"_key":77},{"_key":151},"CGA-76JQ-4VGQ-34JH","2025-07-04T13:37:46.960Z","2026-05-11T21:23:49.953Z","Analyzed",{"cisa_kev":156,"cisa_ransomware":156,"cisa_vendor":9,"epss_severity":157,"epss_score":158,"severity":159,"severity_score":160,"severity_version":161,"severity_source":162,"severity_vector":163,"severity_status":154},false,"low",0.00019,"medium",4.7,"v3.1","nvd","CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",[165,171,175,179],{"url":166,"sources":167,"tags":169},"https://git.kernel.org/stable/c/debfbc047196df1f6bfd52f2d028c21dce67f0de",[168,162],"cve.org",[170],"Patch",{"url":172,"sources":173,"tags":174},"https://git.kernel.org/stable/c/07ecabfbca64f4f0b6071cf96e49d162fa9d138d",[168,162],[170],{"url":176,"sources":177,"tags":178},"https://git.kernel.org/stable/c/690e47d1403e90b7f2366f03b52ed3304194c793",[168,162],[170],{"url":180,"sources":181,"tags":182},"https://git.kernel.org/stable/c/9f6022b2573ae068793810db719e131df3ded405",[168,162],[170],[],{"date":185,"score":158,"percentile":186},"2026-06-03",0.05524,[188,192,195,198,201,204,207,210,213,216,219,222,225,228,230,233,236,239,242,245,248,251,254,257,260,263,266,270,274,277,280,283,286,289,291,294,297,300,303,306,309,312,315,317,320,323,326,329,331,334,336,339,342,345,349,352,355,357,359,362,365,368,370,372,374,377,380,383,386,388,390,393,396,398,400,402,405,407,409,411,413,416,419,422,425,428,430,433,435,438],{"date":189,"score":190,"percentile":191},"2025-11-04",0.00035,0.09609,{"date":193,"score":190,"percentile":194},"2025-11-05",0.09633,{"date":196,"score":190,"percentile":197},"2025-11-06",0.09752,{"date":199,"score":190,"percentile":200},"2025-11-07",0.09772,{"date":202,"score":190,"percentile":203},"2025-11-08",0.09785,{"date":205,"score":190,"percentile":206},"2025-11-09",0.0976,{"date":208,"score":190,"percentile":209},"2025-11-10",0.09722,{"date":211,"score":190,"percentile":212},"2025-11-11",0.09736,{"date":214,"score":190,"percentile":215},"2025-11-12",0.09763,{"date":217,"score":190,"percentile":218},"2025-11-13",0.09808,{"date":220,"score":190,"percentile":221},"2025-11-14",0.0982,{"date":223,"score":190,"percentile":224},"2025-11-15",0.09823,{"date":226,"score":190,"percentile":227},"2025-11-16",0.09828,{"date":229,"score":190,"percentile":221},"2025-11-17",{"date":231,"score":190,"percentile":232},"2025-11-18",0.0598,{"date":234,"score":158,"percentile":235},"2025-11-19",0.02483,{"date":237,"score":158,"percentile":238},"2025-11-20",0.02523,{"date":240,"score":158,"percentile":241},"2025-11-21",0.03959,{"date":243,"score":158,"percentile":244},"2025-11-22",0.03963,{"date":246,"score":158,"percentile":247},"2025-11-23",0.03954,{"date":249,"score":158,"percentile":250},"2025-11-24",0.03935,{"date":252,"score":158,"percentile":253},"2025-11-25",0.03928,{"date":255,"score":158,"percentile":256},"2025-11-26",0.03965,{"date":258,"score":158,"percentile":259},"2025-11-27",0.0398,{"date":261,"score":158,"percentile":262},"2025-11-28",0.03976,{"date":264,"score":158,"percentile":265},"2025-11-29",0.0402,{"date":267,"score":268,"percentile":269},"2025-11-30",0.0001,0.00707,{"date":271,"score":272,"percentile":273},"2025-12-01",0.00009,0.00667,{"date":275,"score":272,"percentile":276},"2025-12-02",0.00664,{"date":278,"score":272,"percentile":279},"2025-12-03",0.0067,{"date":281,"score":272,"percentile":282},"2025-12-04",0.00671,{"date":284,"score":272,"percentile":285},"2025-12-05",0.00679,{"date":287,"score":272,"percentile":288},"2025-12-06",0.00677,{"date":290,"score":272,"percentile":288},"2025-12-07",{"date":292,"score":272,"percentile":293},"2025-12-08",0.00681,{"date":295,"score":272,"percentile":296},"2025-12-09",0.00694,{"date":298,"score":272,"percentile":299},"2025-12-10",0.00613,{"date":301,"score":272,"percentile":302},"2025-12-11",0.00611,{"date":304,"score":268,"percentile":305},"2025-12-12",0.00856,{"date":307,"score":268,"percentile":308},"2025-12-13",0.00852,{"date":310,"score":268,"percentile":311},"2025-12-14",0.0085,{"date":313,"score":268,"percentile":314},"2025-12-15",0.00846,{"date":316,"score":268,"percentile":308},"2025-12-16",{"date":318,"score":268,"percentile":319},"2025-12-17",0.00857,{"date":321,"score":268,"percentile":322},"2025-12-18",0.00854,{"date":324,"score":268,"percentile":325},"2025-12-19",0.00858,{"date":327,"score":268,"percentile":328},"2025-12-20",0.00855,{"date":330,"score":268,"percentile":325},"2025-12-21",{"date":332,"score":268,"percentile":333},"2025-12-22",0.00862,{"date":335,"score":268,"percentile":325},"2025-12-23",{"date":337,"score":268,"percentile":338},"2025-12-24",0.00859,{"date":340,"score":268,"percentile":341},"2025-12-25",0.00863,{"date":343,"score":268,"percentile":344},"2025-12-26",0.00865,{"date":346,"score":347,"percentile":348},"2025-12-27",0.00011,0.01016,{"date":350,"score":268,"percentile":351},"2025-12-28",0.00864,{"date":353,"score":268,"percentile":354},"2025-12-29",0.0086,{"date":356,"score":268,"percentile":354},"2025-12-30",{"date":358,"score":268,"percentile":305},"2025-12-31",{"date":360,"score":268,"percentile":361},"2026-01-01",0.00869,{"date":363,"score":268,"percentile":364},"2026-01-02",0.00875,{"date":366,"score":268,"percentile":367},"2026-01-03",0.00876,{"date":369,"score":268,"percentile":319},"2026-01-04",{"date":371,"score":268,"percentile":333},"2026-01-05",{"date":373,"score":268,"percentile":338},"2026-01-06",{"date":375,"score":268,"percentile":376},"2026-01-07",0.00861,{"date":378,"score":272,"percentile":379},"2026-01-08",0.00711,{"date":381,"score":272,"percentile":382},"2026-01-09",0.00719,{"date":384,"score":272,"percentile":385},"2026-01-10",0.00721,{"date":387,"score":272,"percentile":385},"2026-01-11",{"date":389,"score":272,"percentile":382},"2026-01-12",{"date":391,"score":272,"percentile":392},"2026-01-13",0.00718,{"date":394,"score":272,"percentile":395},"2026-01-14",0.00716,{"date":397,"score":272,"percentile":382},"2026-01-15",{"date":399,"score":272,"percentile":382},"2026-01-16",{"date":401,"score":272,"percentile":382},"2026-01-17",{"date":403,"score":272,"percentile":404},"2026-01-18",0.00723,{"date":406,"score":272,"percentile":385},"2026-01-19",{"date":408,"score":272,"percentile":392},"2026-01-20",{"date":410,"score":272,"percentile":395},"2026-01-21",{"date":412,"score":272,"percentile":392},"2026-01-22",{"date":414,"score":272,"percentile":415},"2026-01-23",0.00727,{"date":417,"score":272,"percentile":418},"2026-01-24",0.00733,{"date":420,"score":272,"percentile":421},"2026-01-25",0.00734,{"date":423,"score":272,"percentile":424},"2026-01-26",0.00735,{"date":426,"score":272,"percentile":427},"2026-01-27",0.00738,{"date":429,"score":272,"percentile":379},"2026-01-28",{"date":431,"score":272,"percentile":432},"2026-01-29",0.00714,{"date":434,"score":272,"percentile":404},"2026-01-30",{"date":436,"score":272,"percentile":437},"2026-01-31",0.00729,{"date":439,"score":272,"percentile":440},"2026-02-01",0.00732,[442],{"source":162,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":443,"cvss_v4_0":9},{"baseScore":160,"baseSeverity":444,"vectorString":163,"impactScore":445,"exploitabilityScore":446},"MEDIUM",6,2.6,[448,471],{"ecosystem":9,"name":449,"vendor":450,"product":450,"cpe_part":451,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":452},"Linux","linux","a",[453,460,463,466,469],{"version":454,"is_range":455,"range_type":168,"version_start":456,"version_start_type":457,"version_end":458,"version_end_type":459,"fixed_in":9},">= e8fa136262e1121288bb93befe2295928ffd240d, \u003C 9f6022b2573ae068793810db719e131df3ded405",true,"e8fa136262e1121288bb93befe2295928ffd240d","including","9f6022b2573ae068793810db719e131df3ded405","excluding",{"version":461,"is_range":455,"range_type":168,"version_start":456,"version_start_type":457,"version_end":462,"version_end_type":459,"fixed_in":9},">= e8fa136262e1121288bb93befe2295928ffd240d, \u003C debfbc047196df1f6bfd52f2d028c21dce67f0de","debfbc047196df1f6bfd52f2d028c21dce67f0de",{"version":464,"is_range":455,"range_type":168,"version_start":456,"version_start_type":457,"version_end":465,"version_end_type":459,"fixed_in":9},">= e8fa136262e1121288bb93befe2295928ffd240d, \u003C 07ecabfbca64f4f0b6071cf96e49d162fa9d138d","07ecabfbca64f4f0b6071cf96e49d162fa9d138d",{"version":467,"is_range":455,"range_type":168,"version_start":456,"version_start_type":457,"version_end":468,"version_end_type":459,"fixed_in":9},">= e8fa136262e1121288bb93befe2295928ffd240d, \u003C 690e47d1403e90b7f2366f03b52ed3304194c793","690e47d1403e90b7f2366f03b52ed3304194c793",{"version":470,"is_range":156,"range_type":168,"version_start":470,"version_start_type":457,"version_end":470,"version_end_type":457,"fixed_in":9},"2.6.25",{"ecosystem":9,"name":472,"vendor":450,"product":473,"cpe_part":474,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":475},"linux kernel","linux_kernel","o",[476],{"version":477,"is_range":455,"range_type":478,"version_start":9,"version_start_type":9,"version_end":479,"version_end_type":459,"fixed_in":9},"lt6.15.4","cpe","6.15.4"]