Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1020 CNY

100%
Buy Us a Coffee

CVE-2025-39895— sched: Fix sched_numa_find_nth_cpu() if mask offline

EPSS 0.02% · P4

Affected Version Matrix 10

VendorProductVersion RangeStatus
LinuxLinuxcd7f55359c90a4108e6528e326b8623fce1ad72a< f9b8d4dba8e78c1887fecd81ba0d8204d6ff05fcaffected
cd7f55359c90a4108e6528e326b8623fce1ad72a< b3ec50cc5eb5ca84256ca701d28b137a6036c412affected
cd7f55359c90a4108e6528e326b8623fce1ad72a< b921c288cd8abef9af5b59e056a63cc2c263a9e3affected
cd7f55359c90a4108e6528e326b8623fce1ad72a< 5ebf512f335053a42482ebff91e46c6dc156bf8caffected
6.3affected
< 6.3unaffected
6.6.105≤ 6.6.*unaffected
6.12.46≤ 6.12.*unaffected
… +2 more rows
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2025-39895

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
sched: Fix sched_numa_find_nth_cpu() if mask offline
Source: NVD (National Vulnerability Database)
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: sched: Fix sched_numa_find_nth_cpu() if mask offline sched_numa_find_nth_cpu() uses a bsearch to look for the 'closest' CPU in sched_domains_numa_masks and given cpus mask. However they might not intersect if all CPUs in the cpus mask are offline. bsearch will return NULL in that case, bail out instead of dereferencing a bogus pointer. The previous behaviour lead to this bug when using maxcpus=4 on an rk3399 (LLLLbb) (i.e. booting with all big CPUs offline): [ 1.422922] Unable to handle kernel paging request at virtual address ffffff8000000000 [ 1.423635] Mem abort info: [ 1.423889] ESR = 0x0000000096000006 [ 1.424227] EC = 0x25: DABT (current EL), IL = 32 bits [ 1.424715] SET = 0, FnV = 0 [ 1.424995] EA = 0, S1PTW = 0 [ 1.425279] FSC = 0x06: level 2 translation fault [ 1.425735] Data abort info: [ 1.425998] ISV = 0, ISS = 0x00000006, ISS2 = 0x00000000 [ 1.426499] CM = 0, WnR = 0, TnD = 0, TagAccess = 0 [ 1.426952] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0 [ 1.427428] swapper pgtable: 4k pages, 39-bit VAs, pgdp=0000000004a9f000 [ 1.428038] [ffffff8000000000] pgd=18000000f7fff403, p4d=18000000f7fff403, pud=18000000f7fff403, pmd=0000000000000000 [ 1.429014] Internal error: Oops: 0000000096000006 [#1] SMP [ 1.429525] Modules linked in: [ 1.429813] CPU: 3 UID: 0 PID: 1 Comm: swapper/0 Not tainted 6.17.0-rc4-dirty #343 PREEMPT [ 1.430559] Hardware name: Pine64 RockPro64 v2.1 (DT) [ 1.431012] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 1.431634] pc : sched_numa_find_nth_cpu+0x2a0/0x488 [ 1.432094] lr : sched_numa_find_nth_cpu+0x284/0x488 [ 1.432543] sp : ffffffc084e1b960 [ 1.432843] x29: ffffffc084e1b960 x28: ffffff80078a8800 x27: ffffffc0846eb1d0 [ 1.433495] x26: 0000000000000000 x25: 0000000000000000 x24: 0000000000000000 [ 1.434144] x23: 0000000000000000 x22: fffffffffff7f093 x21: ffffffc081de6378 [ 1.434792] x20: 0000000000000000 x19: 0000000ffff7f093 x18: 00000000ffffffff [ 1.435441] x17: 3030303866666666 x16: 66663d736b73616d x15: ffffffc104e1b5b7 [ 1.436091] x14: 0000000000000000 x13: ffffffc084712860 x12: 0000000000000372 [ 1.436739] x11: 0000000000000126 x10: ffffffc08476a860 x9 : ffffffc084712860 [ 1.437389] x8 : 00000000ffffefff x7 : ffffffc08476a860 x6 : 0000000000000000 [ 1.438036] x5 : 000000000000bff4 x4 : 0000000000000000 x3 : 0000000000000000 [ 1.438683] x2 : 0000000000000000 x1 : ffffffc0846eb000 x0 : ffffff8000407b68 [ 1.439332] Call trace: [ 1.439559] sched_numa_find_nth_cpu+0x2a0/0x488 (P) [ 1.440016] smp_call_function_any+0xc8/0xd0 [ 1.440416] armv8_pmu_init+0x58/0x27c [ 1.440770] armv8_cortex_a72_pmu_init+0x20/0x2c [ 1.441199] arm_pmu_device_probe+0x1e4/0x5e8 [ 1.441603] armv8_pmu_device_probe+0x1c/0x28 [ 1.442007] platform_probe+0x5c/0xac [ 1.442347] really_probe+0xbc/0x298 [ 1.442683] __driver_probe_device+0x78/0x12c [ 1.443087] driver_probe_device+0xdc/0x160 [ 1.443475] __driver_attach+0x94/0x19c [ 1.443833] bus_for_each_dev+0x74/0xd4 [ 1.444190] driver_attach+0x24/0x30 [ 1.444525] bus_add_driver+0xe4/0x208 [ 1.444874] driver_register+0x60/0x128 [ 1.445233] __platform_driver_register+0x24/0x30 [ 1.445662] armv8_pmu_driver_init+0x28/0x4c [ 1.446059] do_one_initcall+0x44/0x25c [ 1.446416] kernel_init_freeable+0x1dc/0x3bc [ 1.446820] kernel_init+0x20/0x1d8 [ 1.447151] ret_from_fork+0x10/0x20 [ 1.447493] Code: 90022e21 f000e5f5 910de2b5 2a1703e2 (f8767803) [ 1.448040] ---[ end trace 0000000000000000 ]--- [ 1.448483] note: swapper/0[1] exited with preempt_count 1 [ 1.449047] Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b [ 1.449741] SMP: stopping secondary CPUs [ 1.450105] Kernel Offset: disabled [ 1.450419] CPU features: 0x000000,00080000,20002001,0400421b [ ---truncated---
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Linux kernel 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel存在安全漏洞,该漏洞源于未处理离线CPU情况,可能导致空指针取消引用。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
LinuxLinux cd7f55359c90a4108e6528e326b8623fce1ad72a ~ f9b8d4dba8e78c1887fecd81ba0d8204d6ff05fc -
LinuxLinux 6.3 -

II. Public POCs for CVE-2025-39895

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2025-39895

登录查看更多情报信息。
Patch · 1

Same Patch Batch · Linux · 2025-10-01 · 169 CVEs total

CVE-2022-50462MIPS: vpe-mt: fix possible memory leak while module exiting
CVE-2022-50452net: sched: cake: fix null pointer access issue when cake_init() fails
CVE-2022-50451fs/ntfs3: Fix memory leak on ntfs_fill_super() error path
CVE-2022-50453gpiolib: cdev: fix NULL-pointer dereferences
CVE-2022-50454drm/nouveau: fix a use-after-free in nouveau_gem_prime_import_sg_table()
CVE-2022-50457mtd: core: Fix refcount error in del_mtd_device()
CVE-2022-50456btrfs: fix resolving backrefs for inline extent followed by prealloc
CVE-2022-50458clk: tegra: Fix refcount leak in tegra210_clock_init
CVE-2022-50460cifs: Fix xid leak in cifs_flock()
CVE-2022-50459scsi: iscsi: iscsi_tcp: Fix null-ptr-deref while calling getpeername()
CVE-2022-50461net: ethernet: ti: am65-cpsw: Fix PM runtime leakage in am65_cpsw_nuss_ndo_slave_open()
CVE-2022-50467scsi: lpfc: Fix null ndlp ptr dereference in abnormal exit path for GFT_ID
CVE-2023-53488IB/hfi1: Fix possible panic during hotplug remove
CVE-2023-53489tcp/udp: Fix memleaks of sk and zerocopy skbs with TX timestamp.
CVE-2022-50469staging: rtl8723bs: fix potential memory leak in rtw_init_drv_sw()
CVE-2022-50468platform/chrome: cros_usbpd_notify: Fix error handling in cros_usbpd_notify_init()
CVE-2022-50465ext4: fix leaking uninitialized memory in fast-commit journal
CVE-2022-50463powerpc/52xx: Fix a resource leak in an error handling path
CVE-2022-50464mt76: mt7915: Fix PCI device refcount leak in mt7915_pci_init_hif2()
CVE-2022-50448mm/uffd: fix warning without PTE_MARKER_UFFD_WP compiled in

Showing top 20 of 169 CVEs. View all on vendor page &rarr; →

IV. Related Vulnerabilities

Same product: Linux
Same vendor: Linux

V. Comments for CVE-2025-39895

No comments yet

Leave a comment