CVE-2025-38012 — Use of Uninitialized Resource in Linux
CWE-908 — Use of Uninitialized ResourceCWE-824 — Access of Uninitialized Pointer11 documents6 sources
Severity
5.5MEDIUMNVD
OSV7.8
EPSS
0.0%
top 84.93%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJun 18
Latest updateAug 28
Description
In the Linux kernel, the following vulnerability has been resolved:
sched_ext: bpf_iter_scx_dsq_new() should always initialize iterator
BPF programs may call next() and destroy() on BPF iterators even after new()
returns an error value (e.g. bpf_for_each() macro ignores error returns from
new()). bpf_iter_scx_dsq_new() could leave the iterator in an uninitialized
state after an error return causing bpf_iter_scx_dsq_next() to dereference
garbage data. Make bpf_iter_scx_dsq_new() always clear $k…
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6
Affected Packages4 packages
▶CVEListV5linux/linux650ba21b131ed1f8ee57826b2c6295a3be221132 — 0102989af4c334d1d98b2a0fd4d61a5152e39b72+3
Patches
🔴Vulnerability Details
5OSV▶
linux, linux-aws, linux-aws-6.14, linux-gcp, linux-gcp-6.14, linux-oracle, linux-oracle-6.14, linux-raspi, linux-realtime vulnerabilities↗2025-08-18
OSV▶
CVE-2025-38012: In the Linux kernel, the following vulnerability has been resolved: sched_ext: bpf_iter_scx_dsq_new() should always initialize iterator BPF programs m↗2025-06-18
GHSA▶
GHSA-99r2-xh56-23cv: In the Linux kernel, the following vulnerability has been resolved:
sched_ext: bpf_iter_scx_dsq_new() should always initialize iterator
BPF programs↗2025-06-18
📋Vendor Advisories
5Debian▶
CVE-2025-38012: linux - In the Linux kernel, the following vulnerability has been resolved: sched_ext: ...↗2025