CVE-2024-49573: sched/fair: Fix NEXT_BUDDY

Description

In the Linux kernel, the following vulnerability has been resolved:

sched/fair: Fix NEXT_BUDDY

Adam reports that enabling NEXT_BUDDY insta triggers a WARN in
pick_next_entity().

Moving clear_buddies() up before the delayed dequeue bits ensures
no ->next buddy becomes delayed. Further ensure no new ->next buddy
ever starts as delayed.

Classification

CVE ID: CVE-2024-49573

Affected Products

Vendor: Linux

Product: Linux

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 11.47% (share of CVEs with an EPSS score less than or equal to this one)

EPSS Date: 2025-02-09 (date this score was calculated)

References

https://git.kernel.org/stable/c/5dbe6816c49197677a5ecce749bd99929da147da
https://git.kernel.org/stable/c/493afbd187c4c9cc1642792c0d9ba400c3d6d90d

Timeline