CVE-2025-39736
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-11

Last updated on: 2025-11-03

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: mm/kmemleak: avoid deadlock by moving pr_warn() outside kmemleak_lock When netpoll is enabled, calling pr_warn_once() while holding kmemleak_lock in mem_pool_alloc() can cause a deadlock due to lock inversion with the netconsole subsystem. This occurs because pr_warn_once() may trigger netpoll, which eventually leads to __alloc_skb() and back into kmemleak code, attempting to reacquire kmemleak_lock. This is the path for the deadlock. mem_pool_alloc() -> raw_spin_lock_irqsave(&kmemleak_lock, flags); -> pr_warn_once() -> netconsole subsystem -> netpoll -> __alloc_skb -> __create_object -> raw_spin_lock_irqsave(&kmemleak_lock, flags); Fix this by setting a flag and issuing the pr_warn_once() after kmemleak_lock is released.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-11
Last Modified
2025-11-03
Generated
2026-06-16
AI Q&A
2025-09-11
EPSS Evaluated
2026-06-14
NVD
CVE-2025-39736
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
linux kernel 5.10.244-1
linux kernel 6.1.153-1
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a deadlock issue in the Linux kernel's memory leak detection subsystem (kmemleak). When netpoll is enabled, calling pr_warn_once() while holding the kmemleak_lock in mem_pool_alloc() can cause a deadlock due to lock inversion with the netconsole subsystem. Essentially, pr_warn_once() may trigger netpoll, which leads to a chain of calls that attempt to reacquire the already held kmemleak_lock, causing the system to hang. The fix involves moving the pr_warn_once() call outside the locked section to avoid this deadlock.

Impact Analysis

This vulnerability can cause the Linux kernel to deadlock (hang) when certain memory allocation warnings are triggered while netpoll is enabled. This can lead to system instability or unresponsiveness, potentially affecting system availability and reliability.

Mitigation Strategies

To mitigate this vulnerability, update the Linux kernel to a version where the fix has been applied. The fix involves moving the pr_warn_once() call outside the kmemleak_lock to avoid deadlock. Ensuring that your system is running a patched kernel version will prevent this deadlock issue.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-39736. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart