5.5

CVE-2025-39736

mm/kmemleak: avoid deadlock by moving pr_warn() outside kmemleak_lock

In the Linux kernel, the following vulnerability has been resolved:

mm/kmemleak: avoid deadlock by moving pr_warn() outside kmemleak_lock

When netpoll is enabled, calling pr_warn_once() while holding
kmemleak_lock in mem_pool_alloc() can cause a deadlock due to lock
inversion with the netconsole subsystem.  This occurs because
pr_warn_once() may trigger netpoll, which eventually leads to
__alloc_skb() and back into kmemleak code, attempting to reacquire
kmemleak_lock.

This is the path for the deadlock.

mem_pool_alloc()
  -> raw_spin_lock_irqsave(&kmemleak_lock, flags);
      -> pr_warn_once()
          -> netconsole subsystem
	     -> netpoll
	         -> __alloc_skb
		   -> __create_object
		     -> raw_spin_lock_irqsave(&kmemleak_lock, flags);

Fix this by setting a flag and issuing the pr_warn_once() after
kmemleak_lock is released.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 5.4 < 5.4.297
LinuxLinux Kernel Version >= 5.5 < 5.10.241
LinuxLinux Kernel Version >= 5.11 < 5.15.190
LinuxLinux Kernel Version >= 5.16 < 6.1.149
LinuxLinux Kernel Version >= 6.2 < 6.6.103
LinuxLinux Kernel Version >= 6.7 < 6.12.43
LinuxLinux Kernel Version >= 6.13 < 6.15.11
LinuxLinux Kernel Version >= 6.16 < 6.16.2
LinuxLinux Kernel Version6.17 Updaterc1
DebianDebian Linux Version11.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.12% 0.022
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-667 Improper Locking

The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.

https://git.kernel.org/stable/c/c7b6ea0ede687e7460e593c5ea478f50aa41682a
Patch
https://git.kernel.org/stable/c/4b0151e1d468eb2667c37b7af99b3c075072d334
Patch
https://git.kernel.org/stable/c/f249d32bb54876b4b6c3ae071af8ddca77af390b
Patch
https://git.kernel.org/stable/c/62879faa8efe8d8a9c7bf7606ee9c068012d7dac
Patch
https://git.kernel.org/stable/c/1da95d3d4b7b1d380ebd87b71a61e7e6aed3265d
Patch
https://git.kernel.org/stable/c/a0854de00ce2ee27edf39037e7836ad580eb3350
Patch
https://git.kernel.org/stable/c/08f70be5e406ce47c822f2dd11c1170ca259605b
Patch
https://git.kernel.org/stable/c/a181b228b37a6a5625dad2bb4265bb7abb673e9f
Patch
https://git.kernel.org/stable/c/47b0f6d8f0d2be4d311a49e13d2fd5f152f492b2
Patch
https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
Third Party Advisory
Mailing List
https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
Third Party Advisory
Mailing List
https://cert-portal.siemens.com/productcert/html/ssa-032379.html