CVE-2025-21919Out-of-bounds Write in Linux

CWE-787Out-of-bounds Write70 documents7 sources
Severity
7.8HIGHNVD
OSV8.8OSV5.9OSV5.5OSV4.7
EPSS
0.1%
top 79.72%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
8
LinuxLinux KernelDebian Linux+5 more
Timeline
PublishedApr 1
Latest updateOct 15

Description

In the Linux kernel, the following vulnerability has been resolved: sched/fair: Fix potential memory corruption in child_cfs_rq_on_list child_cfs_rq_on_list attempts to convert a 'prev' pointer to a cfs_rq. This 'prev' pointer can originate from struct rq's leaf_cfs_rq_list, making the conversion invalid and potentially leading to memory corruption. Depending on the relative positions of leaf_cfs_rq_list and the task group (tg) pointer within the struct, this can cause a memory fault or access

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages10 packages

NVDlinux/linux_kernel5.135.15.179+5
Debianlinux/linux_kernel< 6.1.133-1+2
Ubuntulinux/linux_kernel< 5.15.0-140.150+1

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

34
OSV
linux-oracle-6.8 vulnerabilities2025-10-15
OSV
linux-azure-nvidia vulnerabilities2025-10-08
OSV
linux-oracle vulnerabilities2025-10-06
OSV
linux-azure, linux-azure-6.8 vulnerabilities2025-10-02
OSV
linux-raspi-realtime vulnerabilities2025-10-02

📋Vendor Advisories

35
Ubuntu
Linux kernel (Oracle) vulnerabilities2025-10-15
Ubuntu
Linux kernel (Azure, N-Series) vulnerabilities2025-10-08
Ubuntu
Linux kernel (Oracle) vulnerabilities2025-10-06
Ubuntu
Linux kernel (Raspberry Pi Real-time) vulnerabilities2025-10-02
Ubuntu
Linux kernel (HWE) vulnerabilities2025-10-02
CVE-2025-21919 — Out-of-bounds Write in Linux | cvebase