{"id":"CVE-2025-39780","summary":"sched/ext: Fix invalid task state transitions on class switch","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nsched/ext: Fix invalid task state transitions on class switch\n\nWhen enabling a sched_ext scheduler, we may trigger invalid task state\ntransitions, resulting in warnings like the following (which can be\neasily reproduced by running the hotplug selftest in a loop):\n\n sched_ext: Invalid task state transition 0 -\u003e 3 for fish[770]\n WARNING: CPU: 18 PID: 787 at kernel/sched/ext.c:3862 scx_set_task_state+0x7c/0xc0\n ...\n RIP: 0010:scx_set_task_state+0x7c/0xc0\n ...\n Call Trace:\n  \u003cTASK\u003e\n  scx_enable_task+0x11f/0x2e0\n  switching_to_scx+0x24/0x110\n  scx_enable.isra.0+0xd14/0x13d0\n  bpf_struct_ops_link_create+0x136/0x1a0\n  __sys_bpf+0x1edd/0x2c30\n  __x64_sys_bpf+0x21/0x30\n  do_syscall_64+0xbb/0x370\n  entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nThis happens because we skip initialization for tasks that are already\ndead (with their usage counter set to zero), but we don't exclude them\nduring the scheduling class transition phase.\n\nFix this by also skipping dead tasks during class swiching, preventing\ninvalid task state transitions.","modified":"2026-03-20T12:43:02.994451Z","published":"2025-09-11T16:56:31.142Z","database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/39xxx/CVE-2025-39780.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/6a32cbe95029ebe21cc08349fd7ef2a3d32d2043"},{"type":"WEB","url":"https://git.kernel.org/stable/c/786f6314604b34c3e7de5f733f4e08e35c448a50"},{"type":"WEB","url":"https://git.kernel.org/stable/c/ddf7233fcab6c247379d0928d46cc316ee122229"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/39xxx/CVE-2025-39780.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-39780"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"a8532fac7b5d27b8d62008a89593dccb6f9786ef"},{"fixed":"786f6314604b34c3e7de5f733f4e08e35c448a50"},{"fixed":"6a32cbe95029ebe21cc08349fd7ef2a3d32d2043"},{"fixed":"ddf7233fcab6c247379d0928d46cc316ee122229"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-39780.json"}}],"schema_version":"1.7.5"}