CVE-2025-38614

EPSS 0.02%
Veröffentlicht 19.08.2025 17:15:40
Zuletzt bearbeitet 09.01.2026 16:08:32
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

eventpoll: Fix semi-unbounded recursion

Ensure that epoll instances can never form a graph deeper than
EP_MAX_NESTS+1 links.

Currently, ep_loop_check_proc() ensures that the graph is loop-free and
does some recursion depth checks, but those recursion depth checks don't
limit the depth of the resulting tree for two reasons:

 - They don't look upwards in the tree.
 - If there are multiple downwards paths of different lengths, only one of
   the paths is actually considered for the depth check since commit
   28d82dc1c4ed ("epoll: limit paths").

Essentially, the current recursion depth check in ep_loop_check_proc() just
serves to prevent it from recursing too deeply while checking for loops.

A more thorough check is done in reverse_path_check() after the new graph
edge has already been created; this checks, among other things, that no
paths going upwards from any non-epoll file with a length of more than 5
edges exist. However, this check does not apply to non-epoll files.

As a result, it is possible to recurse to a depth of at least roughly 500,
tested on v6.15. (I am unsure if deeper recursion is possible; and this may
have changed with commit 8c44dac8add7 ("eventpoll: Fix priority inversion
problem").)

To fix it:

1. In ep_loop_check_proc(), note the subtree depth of each visited node,
and use subtree depths for the total depth calculation even when a subtree
has already been visited.
2. Add ep_get_upwards_depth_proc() for similarly determining the maximum
depth of an upwards walk.
3. In ep_loop_check(), use these values to limit the total path length
between epoll nodes to EP_MAX_NESTS edges.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 11

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 2.6.32.30 < 2.6.33

Linux ≫ Linux Kernel Version >= 2.6.33.8 < 2.6.34

Linux ≫ Linux Kernel Version >= 2.6.34.10 < 2.6.35

Linux ≫ Linux Kernel Version >= 2.6.35.12 < 2.6.36

Linux ≫ Linux Kernel Version >= 2.6.37.3 < 2.6.38

Linux ≫ Linux Kernel Version >= 2.6.38.1 < 5.15.190

Linux ≫ Linux Kernel Version >= 5.16 < 6.1.149

Linux ≫ Linux Kernel Version >= 6.2 < 6.6.103

Linux ≫ Linux Kernel Version >= 6.7 < 6.12.43

Linux ≫ Linux Kernel Version >= 6.13 < 6.15.11

Linux ≫ Linux Kernel Version >= 6.16 < 6.16.1

Linux ≫ Linux Kernel Version2.6.38 Update-

Linux ≫ Linux Kernel Version2.6.38 Updaterc7

Linux ≫ Linux Kernel Version2.6.38 Updaterc8

Debian ≫ Debian Linux Version11.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.052

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-674 Uncontrolled Recursion

The product does not properly control the amount of recursion that takes place, consuming excessive resources, such as allocated memory or the program stack.

https://git.kernel.org/stable/c/3542c90797bc3ab83ebab54b737d751cf3682036

Patch

https://git.kernel.org/stable/c/f2e467a48287c868818085aa35389a224d226732

Patch

https://git.kernel.org/stable/c/7a2125962c42d5336ca0495a9ce4cb38a63e9161

Patch

https://git.kernel.org/stable/c/ea5f97dbdcb1651581a22bd10afd2f0dd9dc11d6

Patch

https://git.kernel.org/stable/c/1b13b033062824495554e836a1ff5f85ccf6b039

Patch

https://git.kernel.org/stable/c/2a0c0c974bea9619c6f41794775ae4b97530e0e6

Patch