-

CVE-2025-39736

EPSS 0.05%
Veröffentlicht 11.09.2025 16:52:11
Zuletzt bearbeitet 03.11.2025 18:16:45
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

mm/kmemleak: avoid deadlock by moving pr_warn() outside kmemleak_lock

When netpoll is enabled, calling pr_warn_once() while holding
kmemleak_lock in mem_pool_alloc() can cause a deadlock due to lock
inversion with the netconsole subsystem.  This occurs because
pr_warn_once() may trigger netpoll, which eventually leads to
__alloc_skb() and back into kmemleak code, attempting to reacquire
kmemleak_lock.

This is the path for the deadlock.

mem_pool_alloc()
  -> raw_spin_lock_irqsave(&kmemleak_lock, flags);
      -> pr_warn_once()
          -> netconsole subsystem
	     -> netpoll
	         -> __alloc_skb
		   -> __create_object
		     -> raw_spin_lock_irqsave(&kmemleak_lock, flags);

Fix this by setting a flag and issuing the pr_warn_once() after
kmemleak_lock is released.

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 14

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < c7b6ea0ede687e7460e593c5ea478f50aa41682a

Version c5665868183fec689dbab9fb8505188b2c4f0757

Status affected

Version < 4b0151e1d468eb2667c37b7af99b3c075072d334

Version c5665868183fec689dbab9fb8505188b2c4f0757

Status affected

Version < f249d32bb54876b4b6c3ae071af8ddca77af390b

Version c5665868183fec689dbab9fb8505188b2c4f0757

Status affected

Version < 62879faa8efe8d8a9c7bf7606ee9c068012d7dac

Version c5665868183fec689dbab9fb8505188b2c4f0757

Status affected

Version < 1da95d3d4b7b1d380ebd87b71a61e7e6aed3265d

Version c5665868183fec689dbab9fb8505188b2c4f0757

Status affected

Version < a0854de00ce2ee27edf39037e7836ad580eb3350

Version c5665868183fec689dbab9fb8505188b2c4f0757

Status affected

Version < 08f70be5e406ce47c822f2dd11c1170ca259605b

Version c5665868183fec689dbab9fb8505188b2c4f0757

Status affected

Version < a181b228b37a6a5625dad2bb4265bb7abb673e9f

Version c5665868183fec689dbab9fb8505188b2c4f0757

Status affected

Version < 47b0f6d8f0d2be4d311a49e13d2fd5f152f492b2

Version c5665868183fec689dbab9fb8505188b2c4f0757

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 5.4

Status affected

Version < 5.4

Version 0

Status unaffected

Version <= 5.4.*

Version 5.4.297

Status unaffected

Version <= 5.10.*

Version 5.10.241

Status unaffected

Version <= 5.15.*

Version 5.15.190

Status unaffected

Version <= 6.1.*

Version 6.1.149

Status unaffected

Version <= 6.6.*

Version 6.6.103

Status unaffected

Version <= 6.12.*

Version 6.12.43

Status unaffected

Version <= 6.15.*

Version 6.15.11

Status unaffected

Version <= 6.16.*

Version 6.16.2

Status unaffected

Version <= *

Version 6.17

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.107

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

https://git.kernel.org/stable/c/c7b6ea0ede687e7460e593c5ea478f50aa41682a

https://git.kernel.org/stable/c/4b0151e1d468eb2667c37b7af99b3c075072d334

https://git.kernel.org/stable/c/f249d32bb54876b4b6c3ae071af8ddca77af390b

https://git.kernel.org/stable/c/62879faa8efe8d8a9c7bf7606ee9c068012d7dac

https://git.kernel.org/stable/c/1da95d3d4b7b1d380ebd87b71a61e7e6aed3265d

https://git.kernel.org/stable/c/a0854de00ce2ee27edf39037e7836ad580eb3350

https://git.kernel.org/stable/c/08f70be5e406ce47c822f2dd11c1170ca259605b

https://git.kernel.org/stable/c/a181b228b37a6a5625dad2bb4265bb7abb673e9f

https://git.kernel.org/stable/c/47b0f6d8f0d2be4d311a49e13d2fd5f152f492b2

https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html

https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html

https://nvd.nist.gov/vuln/detail/CVE-2025-39736

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-39736

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-39736

EUVD