CVE-2025-38234

MEDIUMNVD 4.74.7
EchelonGraph scoreMEDIUM confidence

Score 4.7 from GitHub Security Advisory published 2025-07-04. NVD baseline CVSS 4.7; sources differ by 0.0.

Triggered by: GitHub Security Advisory CVSS
Sources: epss, ghsa, nvd
4.7
EchelonGraph verdictMonitorLow exploitation likelihood right now — keep watching.
  • Lower severity and no public exploit yet
CISA-KEV: Not listedEPSS: 0%CVSS: 4.7Exploit: NoneExposed: 0

A fix is available — apply it.

In the Linux kernel, the following vulnerability has been resolved:

sched/rt: Fix race in push_rt_task

Overview ======== When a CPU chooses to call push_rt_task and picks a task to push to another CPU's runqueue then it will call find_lock_lowest_rq method which would take a double lock on both CPUs' runqueues. If one of the locks aren't readily available, it may lead to dropping the current runqueue lock and reacquiring both the locks at once. During this window it is possible that the task is already migrated and is running on some other CPU. These cases are already handled. However, if the task is migrated and has already been executed and another CPU is now trying to wake it up (ttwu) such that it is queued again on the runqeue (on_rq is 1) and also if the task was run by the same CPU, then the current checks will pass even though the task was migrated out and is no longer in the pushable tasks list.

Crashes ======= This bug resulted in quite a few flavors of crashes triggering kernel panics with various crash signatures such as assert failures, page faults, null pointer dereferences, and queue corruption errors all coming from scheduler itself.

Some of the crashes: -> kernel BUG at kernel/sched/rt.c:1616! BUG_ON(idx >= MAX_RT_PRIO) Call Trace: ? __die_body+0x1a/0x60 ? die+0x2a/0x50 ? do_trap+0x85/0x100 ? pick_next_task_rt+0x6e/0x1d0 ? do_error_trap+0x64/0xa0 ? pick_next_task_rt+0x6e/0x1d0 ? exc_invalid_op+0x4c/0x60 ? pick_next_task_rt+0x6e/0x1d0 ? asm_exc_invalid_op+0x12/0x20 ? pick_next_task_rt+0x6e/0x1d0 __schedule+0x5cb/0x790 ? update_ts_time_stats+0x55/0x70 schedule_idle+0x1e/0x40 do_idle+0x15e/0x200 cpu_startup_entry+0x19/0x20 start_secondary+0x117/0x160 secondary_startup_64_no_verify+0xb0/0xbb

-> BUG: kernel NULL pointer dereference, address: 00000000000000c0 Call Trace: ? __die_body+0x1a/0x60 ? no_context+0x183/0x350 ? __warn+0x8a/0xe0 ? exc_page_fault+0x3d6/0x520 ? asm_exc_page_fault+0x1e/0x30 ? pick_next_task_rt+0xb5/0x1d0 ? pick_next_task_rt+0x8c/0x1d0 __schedule+0x583/0x7e0 ? update_ts_time_stats+0x55/0x70 schedule_idle+0x1e/0x40 do_idle+0x15e/0x200 cpu_startup_entry+0x19/0x20 start_secondary+0x117/0x160 secondary_startup_64_no_verify+0xb0/0xbb

-> BUG: unable to handle page fault for address: ffff9464daea5900 kernel BUG at kernel/sched/rt.c:1861! BUG_ON(rq->cpu != task_cpu(p))

-> kernel BUG at kernel/sched/rt.c:1055! BUG_ON(!rq->nr_running) Call Trace: ? __die_body+0x1a/0x60 ? die+0x2a/0x50 ? do_trap+0x85/0x100 ? dequeue_top_rt_rq+0xa2/0xb0 ? do_error_trap+0x64/0xa0 ? dequeue_top_rt_rq+0xa2/0xb0 ? exc_invalid_op+0x4c/0x60 ? dequeue_top_rt_rq+0xa2/0xb0 ? asm_exc_invalid_op+0x12/0x20 ? dequeue_top_rt_rq+0xa2/0xb0 dequeue_rt_entity+0x1f/0x70 dequeue_task_rt+0x2d/0x70 __schedule+0x1a8/0x7e0 ? blk_finish_plug+0x25/0x40 schedule+0x3c/0xb0 futex_wait_queue_me+0xb6/0x120 futex_wait+0xd9/0x240 do_futex+0x344/0xa90 ? get_mm_exe_file+0x30/0x60 ? audit_exe_compare+0x58/0x70 ? audit_filter_rules.constprop.26+0x65e/0x1220 __x64_sys_futex+0x148/0x1f0 do_syscall_64+0x30/0x80 entry_SYSCALL_64_after_hwframe+0x62/0xc7

-> BUG: unable to handle page fault for address: ffff8cf3608bc2c0 Call Trace: ? __die_body+0x1a/0x60 ? no_context+0x183/0x350 ? spurious_kernel_fault+0x171/0x1c0 ? exc_page_fault+0x3b6/0x520 ? plist_check_list+0x15/0x40 ? plist_check_list+0x2e/0x40 ? asm_exc_page_fault+0x1e/0x30 ? _cond_resched+0x15/0x30 ? futex_wait_queue_me+0xc8/0x120 ? futex_wait+0xd9/0x240 ? try_to_wake_up+0x1b8/0x490 ? futex_wake+0x78/0x160 ? do_futex+0xcd/0xa90 ? plist_check_list+0x15/0x40 ? plist_check_list+0x2e/0x40 ? plist_del+0x6a/0xd0 ? plist_check_list+0x15/0x40 ? plist_check_list+0x2e/0x40 ? dequeue_pushable_task+0x20/0x70 ? __schedule+0x382/0x7e0 ? asm_sysvec_reschedule_i ---truncated---

CVSS v3
4.7
EG Score
4.7(medium)
EPSS
3.0%
KEV
Not listed

Published

July 4, 2025

Last Modified

March 17, 2026

Vendor Advisories for CVE-2025-38234(3)

These vendors published their own advisory mentioning this CVE — often with vendor-specific remediation steps + affected product lists not in NVD.

Patch Availability(25)

Vendor / EcosystemFixed in / PatchReleasedSource
ubuntulinux-virtual-hwe-24.04-edge (6.14.0-34.34~24.04.1) @ noble2026-05-30ubuntu
ubuntulinux-tools-aws-edge (6.14.0-1015.15~24.04.1) @ noble2026-05-30ubuntu
ubuntulinux-tools-realtime-6.8.1 (6.8.1-1047.48) @ noble2026-05-30ubuntu
ubuntulinux-tools-raspi-6.8 (6.8.0-1052.56) @ noble2026-05-30ubuntu
ubuntulinux-tools-gcp-fips-6.8 (6.8.0-1054.57+fips1) @ noble2026-05-30ubuntu
ubuntulinux-tools-nvidia-tegra-rt-6.8 (6.8.0-1022.22) @ noble2026-05-30ubuntu
ubuntulinux-tools-nvidia-64k-6.8 (6.8.0-1051.54) @ noble2026-05-30ubuntu
ubuntulinux-tools-gcp-edge (6.8.0-1054.57~22.04.1) @ jammy2026-05-30ubuntu
ubuntulinux-tools-azure-lts-24.04 (6.8.0-1054.60) @ noble2026-05-30ubuntu
ubuntulinux-tools-azure-fips-6.8 (6.8.0-1054.60+fips1) @ noble2026-05-30ubuntu
ubuntulinux-xilinx-zynqmp (6.8.0.1029.30) @ noble2026-05-30ubuntu
ubuntulinux-tools-oracle-lts-24.04 (6.8.0-1049.50) @ noble2026-05-30ubuntu
ubuntulinux-tools-raspi-realtime-6.8 (6.8.0-2042.43) @ noble2026-05-30ubuntu
ubuntulinux-tools-nvidia-lowlatency-64k-6.8 (6.8.0-1051.54.1) @ noble2026-05-30ubuntu
ubuntulinux-virtual-hwe-24.04-edge (6.14.0-34.34) @ plucky2026-05-30ubuntu
ubuntulinux-tools-azure-6.14 (6.14.0-1014.14) @ plucky2026-05-30ubuntu
ubuntulinux-tools-realtime-hwe-24.04-edge (6.14.0-1014.14~24.04.1) @ noble2026-05-30ubuntu
ubuntulinux-tools-gcp-edge (6.14.0-1018.19~24.04.1) @ noble2026-05-30ubuntu
ubuntulinux-virtual-6.8 (6.8.0-110.110) @ noble2026-05-30ubuntu
redhatkernel-0:6.12.0-124.8.1.el10_12025-11-11redhat
redhatkernel-0:5.14.0-611.5.1.el9_72025-11-11redhat
redhatkernel-0:5.14.0-427.74.1.el9_42025-06-25redhat
redhatkernel-0:6.12.0-55.18.1.el10_02025-06-23redhat
redhatkernel-rt-0:4.18.0-553.54.1.rt7.395.el8_102025-05-28redhat
redhatkernel-0:4.18.0-553.54.1.el8_102025-05-28redhat

Patches are aggregated from vendor advisories (Red Hat, Microsoft, Cisco, GitHub) and package ecosystems (OSV, GHSA). Multiple rows for the same upstream release have been deduplicated.

Weakness Classification(1)

MITRE Common Weakness Enumeration — the root-cause categories this CVE belongs to.

Additional Vendor Advisories

(22)

Data Freshness Timeline

(refreshed 9× in last 7d / 45× in last 30d)

Each row is a source pipeline that fetched or updated this CVE on that date, with what changed. For example, "NVD update" means NVD published or revised its analysis for this CVE; "MITRE cvelistV5" means we ingested or refreshed it from the CNA feed. Most recent first.

  1. 2026-07-15 16:57 UTCEPSS rescore
  2. 2026-07-15 16:57 UTCEPSS rescore
  3. 2026-07-15 01:59 UTCEPSS rescore
  4. 2026-07-15 01:59 UTCEPSS rescore
  5. 2026-07-13 22:29 UTCEPSS rescore
  6. 2026-07-13 22:29 UTCEPSS rescore
  7. 2026-07-12 05:46 UTCEPSS rescore
  8. 2026-07-09 19:09 UTCEPSS rescore
  9. 2026-07-09 19:09 UTCEPSS rescore
  10. 2026-07-07 13:45 UTCEPSS rescore
  11. 2026-07-06 20:04 UTCOSV refresh
  12. 2026-07-06 16:27 UTCEPSS rescore
  13. 2026-07-06 16:27 UTCEPSS rescore
  14. 2026-07-06 02:23 UTCEPSS rescore
  15. 2026-07-04 06:30 UTCEPSS rescore
  16. 2026-06-30 23:22 UTCEPSS rescore
  17. 2026-06-30 23:22 UTCEPSS rescore
  18. 2026-06-29 14:06 UTCEPSS rescore
  19. 2026-06-29 14:06 UTCEPSS rescore
  20. 2026-06-28 14:07 UTCEPSS rescore
  21. 2026-06-28 14:07 UTCEPSS rescore
  22. 2026-06-28 04:55 UTCEPSS rescore
  23. 2026-06-28 04:55 UTCEPSS rescore
  24. 2026-06-27 03:08 UTCEPSS rescore
  25. 2026-06-27 03:08 UTCEPSS rescore
Show 46 more
  1. 2026-06-25 13:49 UTCEPSS rescore
  2. 2026-06-25 13:49 UTCEPSS rescore
  3. 2026-06-24 14:04 UTCEPSS rescore
  4. 2026-06-24 14:04 UTCEPSS rescore
  5. 2026-06-23 21:32 UTCEPSS rescore
  6. 2026-06-23 21:32 UTCEPSS rescore
  7. 2026-06-22 14:25 UTCEPSS rescore
  8. 2026-06-22 14:25 UTCEPSS rescore
  9. 2026-06-21 14:56 UTCEPSS rescore
  10. 2026-06-21 14:56 UTCEPSS rescore
  11. 2026-06-21 01:59 UTCEPSS rescore
  12. 2026-06-21 01:59 UTCEPSS rescore
  13. 2026-06-19 19:25 UTCEPSS rescore
  14. 2026-06-19 19:25 UTCEPSS rescore
  15. 2026-06-18 17:52 UTCEPSS rescore
  16. 2026-06-18 17:52 UTCEPSS rescore
  17. 2026-06-18 08:14 UTCOSV refresh
  18. 2026-06-17 17:52 UTCEPSS rescore
  19. 2026-06-16 17:52 UTCEPSS rescore
  20. 2026-06-16 17:52 UTCEPSS rescore
  21. 2026-06-14 23:17 UTCEPSS rescore
  22. 2026-06-13 23:00 UTCEPSS rescore
  23. 2026-06-12 23:11 UTCEPSS rescore
  24. 2026-06-11 14:00 UTCEPSS rescore
  25. 2026-06-10 22:18 UTCEPSS rescore
  26. 2026-06-10 13:22 UTCEPSS rescore
  27. 2026-06-08 14:16 UTCEPSS rescore
  28. 2026-06-08 14:16 UTCEPSS rescore
  29. 2026-06-06 13:47 UTCEPSS rescore
  30. 2026-06-06 13:47 UTCEPSS rescore
  31. 2026-06-05 22:46 UTCEPSS rescore
  32. 2026-06-05 22:46 UTCEPSS rescore
  33. 2026-06-05 06:10 UTCEPSS rescore
  34. 2026-06-05 06:10 UTCEPSS rescore
  35. 2026-06-04 13:12 UTCEPSS rescore
  36. 2026-06-04 13:12 UTCEPSS rescore
  37. 2026-06-02 20:12 UTCEPSS rescore
  38. 2026-06-01 13:51 UTCEPSS rescore
  39. 2026-06-01 13:51 UTCEPSS rescore
  40. 2026-05-31 22:30 UTCEPSS rescore
  41. 2026-05-31 22:30 UTCEPSS rescore
  42. 2026-05-31 00:16 UTCEPSS rescore
  43. 2026-05-30 02:34 UTCEG score recompute
  44. 2026-05-30 02:34 UTCVendor advisory
  45. 2026-05-30 02:34 UTCGHSA enrichment
  46. 2026-05-29 13:44 UTCEPSS rescore

Frequently asked(5)

What is CVE-2025-38234?
CVE-2025-38234 is a medium vulnerability published on July 4, 2025. In the Linux kernel, the following vulnerability has been resolved: sched/rt: Fix race in pushrttask Overview ======== When a CPU chooses to call pushrttask and picks a task to push to another CPU's runqueue then it will call findlocklowest_rq method which would take a double lock on both CPUs'…
When was CVE-2025-38234 disclosed?
CVE-2025-38234 was first published in the National Vulnerability Database on July 4, 2025, with the most recent update on March 17, 2026. EchelonGraph re-ingests CVE updates from NVD on a 2-hour cycle, so this page reflects the latest published state.
Is CVE-2025-38234 actively exploited?
CVE-2025-38234 is not currently on CISA's Known Exploited Vulnerabilities catalog. FIRST EPSS estimates a 3.0% percentile likelihood of exploitation in the next 30 days — higher percentiles indicate greater predicted risk.
What is the CVSS score of CVE-2025-38234?
CVE-2025-38234 has a CVSS v3 base score of 4.7 (NVD).
How do I remediate CVE-2025-38234?
Patch to the fixed version published by the affected vendor. Where vendor advisories exist for CVE-2025-38234, EchelonGraph cross-links them in the Vendor Advisories panel below — those typically contain the canonical remediation steps, fixed version numbers, and any vendor-specific mitigations.

Dependency Blast Radius

Explore the affected products and dependency analysis for CVE-2025-38234

Explore →

Is Your Infrastructure Affected by CVE-2025-38234?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.