In the Linux kernel, the following vulnerability has been resolved:
schedext: bpfiterscxdsq_new() should always initialize iterator
BPF programs may call next() and destroy() on BPF iterators even after new() returns an error value (e.g. bpfforeach() macro ignores error returns from new()). bpfiterscxdsqnew() could leave the iterator in an uninitialized state after an error return causing bpfiterscxdsqnext() to dereference garbage data. Make bpfiterscxdsqnew() always clear $kit->dsq so that next() and destroy() become noops.