CVE-2025-21919

Summary

CVE-2025-21919 is a memory corruption vulnerability affecting the Linux kernel's scheduling component. The issue lies in the function child_cfs_rq_on_list, which converts an incorrect pointer to a cfs_rq struct, resulting in potential memory corruption. This vulnerability arises due to the addition of both cfs_rq and rq structures to the same leaf list, with the rq structure's leaf_cfs_rq_list pointer being used as the 'prev' pointer for the conversion. This can cause a memory fault or the processing of incorrect data. The issue is resolved by adding a check to verify the 'prev' pointer against the current rq's list head, ensuring a valid conversion. This vulnerability might not always result in crashes but could lead to unpredictable behavior when the layout changes.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.