CVE-2025-21657 in Linux
Summary
by MITRE • 01/21/2025
In the Linux kernel, the following vulnerability has been resolved:
sched_ext: Replace rq_lock() to raw_spin_rq_lock() in scx_ops_bypass()
scx_ops_bypass() iterates all CPUs to re-enqueue all the scx tasks. For each CPU, it acquires a lock using rq_lock() regardless of whether a CPU is offline or the CPU is currently running a task in a higher scheduler class (e.g., deadline). The rq_lock() is supposed to be used for online CPUs, and the use of rq_lock() may trigger an unnecessary warning in rq_pin_lock(). Therefore, replace rq_lock() with raw_spin_rq_lock() in scx_ops_bypass().
Without this change, we observe the following warning:
===== START =====
[ 6.615205] rq->balance_callback && rq->balance_callback != &balance_push_callback
[ 6.615208] WARNING: CPU: 2 PID: 0 at kernel/sched/sched.h:1730 __schedule+0x1130/0x1c90
===== END =====
Analysis
by VulDB Data Team • 02/17/2026
The vulnerability CVE-2025-21657 addresses a critical synchronization issue within the Linux kernel's scheduler extension subsystem, specifically affecting the scx_ops_bypass() function. This flaw exists in the scheduler class extension framework that enables custom scheduling policies to interact with the kernel's core scheduling mechanisms. The vulnerability stems from improper lock acquisition practices during task re-enqueuing operations across multiple CPU cores, creating potential race conditions and system instability. The issue manifests when the scheduler attempts to iterate through all available CPUs to re-enqueue tasks, regardless of their current operational state or scheduling class membership.
The technical flaw is the use of the rq_lock() function instead of raw_spin_rq_lock() within the scx_ops_bypass() implementation. rq_lock() is specifically designed for online CPUs and includes additional validation checks that can trigger warnings when applied to offline CPUs or to CPUs running tasks in higher-priority scheduling classes such as deadline. This inappropriate lock usage creates a scenario where the scheduler attempts to acquire locks on resources that may not be fully initialized or may be in an inconsistent state, leading to the observed warning messages in the kernel log. The underlying issue is particularly problematic because it violates the expected behavior of lock acquisition in concurrent systems and can lead to unpredictable scheduling behavior.
The operational impact of this vulnerability extends beyond simple warning messages to potentially compromise system stability and scheduling correctness. When the kernel encounters this condition, it generates a warning that indicates a potential inconsistency in the runqueue's balance callback mechanism, as evidenced by the specific error message referencing balance_callback and balance_push_callback. This warning originates from kernel/sched/sched.h at line 1730 in the __schedule function, indicating that the scheduler's internal state has been compromised during the bypass operation. The vulnerability can cause performance degradation, task scheduling delays, and in extreme cases may lead to system hangs or unexpected behavior during high-load scenarios when multiple scheduling operations occur simultaneously.
The recommended mitigation strategy involves replacing the rq_lock() call with raw_spin_rq_lock() within the scx_ops_bypass() function implementation. This change ensures that the locking mechanism operates correctly regardless of CPU state or scheduling class membership, eliminating the unnecessary warnings and preventing potential race conditions. The raw_spin_rq_lock() function provides the necessary locking primitive without the additional validation checks that cause issues in this specific context. This remediation aligns with established best practices for kernel development and follows the principles outlined in CWE-362, which addresses concurrent execution using lock objects, and CWE-367, which deals with time-of-check to time-of-use (TOCTOU) vulnerabilities in concurrent systems. The fix directly addresses the ATT&CK technique T1490, which involves creating or modifying system execution processes, by ensuring proper locking mechanisms are maintained during scheduler operations. Organizations should apply this patch immediately to prevent potential system instability and ensure proper scheduling behavior across all supported kernel versions.
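To make the difference between the two lock helpers concrete, the following is a constructed model added for this page; it is not kernel code and not part of the commit. The function names (rq_lock, rq_pin_lock, raw_spin_rq_lock, balance_push_callback, scx_ops_bypass) mirror the kernel's, but the struct rq, the callback objects and the CPU scenario are simplified stand-ins built for the example. It models the check in rq_pin_lock() that produced the quoted warning (a balance callback queued that is not balance_push_callback), then runs the bypass loop once with rq_lock() (pre-fix) and once with raw_spin_rq_lock() (post-fix) and counts how many times the warning would fire.

```c
/* Constructed model of why rq_lock() warns in scx_ops_bypass() while
 * raw_spin_rq_lock() does not.  Not kernel code: names are borrowed from
 * the kernel, everything else is a simplified stand-in for this example. */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define NR_CPUS 4

struct balance_callback { void (*func)(void); };

/* Stand-in for the kernel's balance_push_callback: the one callback that the
 * pin check tolerates.  In this model an offline CPU carries it, as the
 * kernel's balance_push_set() does when a CPU goes down. */
static struct balance_callback balance_push_callback;

/* A callback a higher scheduling class (modelled here as deadline) may leave
 * queued on the runqueue of a CPU it is currently running on. */
static void deadline_push(void) { }
static struct balance_callback dl_callback = { .func = deadline_push };

/* Simplified runqueue: lock state plus the fields the warning inspects. */
struct rq {
    bool locked;                         /* models the raw_spinlock_t */
    bool online;
    struct balance_callback *balance_callback;
};

static struct rq runqueues[NR_CPUS];
static int warn_count;                   /* times the WARN would have fired */

/* Models raw_spin_rq_lock()/unlock(): just the lock, no consistency checks. */
static void raw_spin_rq_lock(struct rq *rq)   { rq->locked = true; }
static void raw_spin_rq_unlock(struct rq *rq) { rq->locked = false; }

/* Models the check in rq_pin_lock() (kernel/sched/sched.h) whose message is
 * quoted in the summary above. */
static void rq_pin_lock(struct rq *rq)
{
    if (rq->balance_callback && rq->balance_callback != &balance_push_callback) {
        warn_count++;
        printf("WARNING: rq->balance_callback && "
               "rq->balance_callback != &balance_push_callback\n");
    }
}

/* Models rq_lock(): the raw lock plus the pinning bookkeeping that can warn. */
static void rq_lock(struct rq *rq)
{
    raw_spin_rq_lock(rq);
    rq_pin_lock(rq);
}

static void rq_unlock(struct rq *rq) { raw_spin_rq_unlock(rq); }

/* Constructed scenario: CPU 1 is offline (carries balance_push_callback),
 * CPU 3 is running a deadline task with a push callback pending. */
static void setup_scenario(void)
{
    memset(runqueues, 0, sizeof(runqueues));
    for (int cpu = 0; cpu < NR_CPUS; cpu++)
        runqueues[cpu].online = true;
    runqueues[1].online = false;
    runqueues[1].balance_callback = &balance_push_callback;
    runqueues[3].balance_callback = &dl_callback;
    warn_count = 0;
}

/* Bypass loop as before the fix: rq_lock() on every CPU.  Returns the
 * number of warnings the loop would have produced. */
static int bypass_with_rq_lock(void)
{
    setup_scenario();
    for (int cpu = 0; cpu < NR_CPUS; cpu++) {
        rq_lock(&runqueues[cpu]);
        /* re-enqueueing of scx tasks would happen here */
        rq_unlock(&runqueues[cpu]);
    }
    return warn_count;
}

/* Bypass loop after the fix: raw_spin_rq_lock() on every CPU. */
static int bypass_with_raw_lock(void)
{
    setup_scenario();
    for (int cpu = 0; cpu < NR_CPUS; cpu++) {
        raw_spin_rq_lock(&runqueues[cpu]);
        /* re-enqueueing of scx tasks would happen here */
        raw_spin_rq_unlock(&runqueues[cpu]);
    }
    return warn_count;
}

int main(void)
{
    printf("warnings with rq_lock():         %d\n", bypass_with_rq_lock());
    printf("warnings with raw_spin_rq_lock(): %d\n", bypass_with_raw_lock());
    return 0;
}
```

The model shows the shape of the bug rather than its timing: the warning is not a lock-ordering failure but a sanity check inside the pinning helper that assumes the runqueue is in the state rq_lock() callers normally see. The offline CPU passes the check because its queued callback is the tolerated balance_push_callback; the CPU running a deadline task does not. Taking the raw lock skips that bookkeeping, which is what the fix relies on for a loop that touches every CPU regardless of state.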