CVE-2025-39736
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-11

Last updated on: 2025-11-03

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: mm/kmemleak: avoid deadlock by moving pr_warn() outside kmemleak_lock When netpoll is enabled, calling pr_warn_once() while holding kmemleak_lock in mem_pool_alloc() can cause a deadlock due to lock inversion with the netconsole subsystem. This occurs because pr_warn_once() may trigger netpoll, which eventually leads to __alloc_skb() and back into kmemleak code, attempting to reacquire kmemleak_lock. This is the path for the deadlock. mem_pool_alloc() -> raw_spin_lock_irqsave(&kmemleak_lock, flags); -> pr_warn_once() -> netconsole subsystem -> netpoll -> __alloc_skb -> __create_object -> raw_spin_lock_irqsave(&kmemleak_lock, flags); Fix this by setting a flag and issuing the pr_warn_once() after kmemleak_lock is released.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-11
Last Modified
2025-11-03
Generated
2026-05-27
AI Q&A
2025-09-11
EPSS Evaluated
2026-05-25
NVD
CVE-2025-39736
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
linux kernel 5.10.244-1
linux kernel 6.1.153-1
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is a deadlock issue in the Linux kernel's memory leak detection subsystem (kmemleak). When netpoll is enabled, calling pr_warn_once() while holding the kmemleak_lock in mem_pool_alloc() can cause a deadlock due to lock inversion with the netconsole subsystem. Essentially, pr_warn_once() may trigger netpoll, which leads to a chain of calls that attempt to reacquire the already held kmemleak_lock, causing the system to hang. The fix involves moving the pr_warn_once() call outside the locked section to avoid this deadlock.


How can this vulnerability impact me? :

This vulnerability can cause the Linux kernel to deadlock (hang) when certain memory allocation warnings are triggered while netpoll is enabled. This can lead to system instability or unresponsiveness, potentially affecting system availability and reliability.


What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, update the Linux kernel to a version where the fix has been applied. The fix involves moving the pr_warn_once() call outside the kmemleak_lock to avoid deadlock. Ensuring that your system is running a patched kernel version will prevent this deadlock issue.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart