CVE-2025-40163
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-11-12

Last updated on: 2025-11-12

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: sched/deadline: Stop dl_server before CPU goes offline IBM CI tool reported kernel warning[1] when running a CPU removal operation through drmgr[2]. i.e "drmgr -c cpu -r -q 1" WARNING: CPU: 0 PID: 0 at kernel/sched/cpudeadline.c:219 cpudl_set+0x58/0x170 NIP [c0000000002b6ed8] cpudl_set+0x58/0x170 LR [c0000000002b7cb8] dl_server_timer+0x168/0x2a0 Call Trace: [c000000002c2f8c0] init_stack+0x78c0/0x8000 (unreliable) [c0000000002b7cb8] dl_server_timer+0x168/0x2a0 [c00000000034df84] __hrtimer_run_queues+0x1a4/0x390 [c00000000034f624] hrtimer_interrupt+0x124/0x300 [c00000000002a230] timer_interrupt+0x140/0x320 Git bisects to: commit 4ae8d9aa9f9d ("sched/deadline: Fix dl_server getting stuck") This happens since: - dl_server hrtimer gets enqueued close to cpu offline, when kthread_park enqueues a fair task. - CPU goes offline and drmgr removes it from cpu_present_mask. - hrtimer fires and warning is hit. Fix it by stopping the dl_server before CPU is marked dead. [1]: https://lore.kernel.org/all/[email protected]/ [2]: https://github.com/ibm-power-utilities/powerpc-utils/tree/next/src/drmgr [sshegde: wrote the changelog and tested it]
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-11-12
Last Modified
2025-11-12
Generated
2026-05-07
AI Q&A
2025-11-13
EPSS Evaluated
2026-05-05
NVD
CVE-2025-40163
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, ensure that the Linux kernel is updated to include the fix that stops the dl_server before the CPU goes offline. This fix prevents the hrtimer from firing after the CPU is removed. Avoid running CPU removal operations that trigger this issue until the kernel is patched.


Can you explain this vulnerability to me?

This vulnerability occurs in the Linux kernel's CPU scheduler deadline code. When a CPU is being taken offline, a high-resolution timer (dl_server hrtimer) related to deadline scheduling can still be active and fire after the CPU is removed from the system. This causes a kernel warning and potentially unstable behavior because the timer callback runs on a CPU that is no longer present. The fix involves stopping the dl_server timer before the CPU is marked offline to prevent this race condition.


How can this vulnerability impact me? :

This vulnerability can cause kernel warnings and potentially unstable or unpredictable behavior during CPU removal operations. It may lead to system instability or crashes when CPUs are taken offline dynamically, affecting system reliability and uptime.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by observing kernel warnings related to the CPU removal operation, specifically warnings like: "WARNING: CPU: 0 PID: 0 at kernel/sched/cpudeadline.c:219 cpudl_set+0x58/0x170". You can monitor the kernel log for such warnings using commands like 'dmesg | grep cpudl_set' or 'journalctl -k | grep cpudl_set'. Additionally, running the CPU removal command 'drmgr -c cpu -r -q 1' may reproduce the warning if the system is vulnerable.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart