CVE-2025-38727

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
04/09/2025
Last modified:
08/01/2026

Description

In the Linux kernel, the following vulnerability has been resolved:

netlink: avoid infinite retry looping in netlink_unicast()

netlink_attachskb() checks for the socket's read memory allocation constraints. Firstly, it has:

    rmem sk_rcvbuf)

to check if the just increased rmem value fits into the socket's receive buffer. If not, it proceeds and tries to wait for the memory under:

    rmem + skb->truesize > READ_ONCE(sk->sk_rcvbuf)

The checks don't cover the case when skb->truesize + sk->sk_rmem_alloc is equal to sk->sk_rcvbuf. Thus the function neither successfully accepts these conditions, nor manages to reschedule the task - and is called in retry loop for indefinite time which is caught as:

    rcu: INFO: rcu_sched self-detected stall on CPU
    rcu: 0-....: (25999 ticks this GP) idle=ef2/1/0x4000000000000000 softirq=262269/262269 fqs=6212
    (t=26000 jiffies g=230833 q=259957)
    NMI backtrace for cpu 0
    CPU: 0 PID: 22 Comm: kauditd Not tainted 5.10.240 #68
    Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.17.0-4.fc42 04/01/2014
    Call Trace:

    dump_stack lib/dump_stack.c:120
    nmi_cpu_backtrace.cold lib/nmi_backtrace.c:105
    nmi_trigger_cpumask_backtrace lib/nmi_backtrace.c:62
    rcu_dump_cpu_stacks kernel/rcu/tree_stall.h:335
    rcu_sched_clock_irq.cold kernel/rcu/tree.c:2590
    update_process_times kernel/time/timer.c:1953
    tick_sched_handle kernel/time/tick-sched.c:227
    tick_sched_timer kernel/time/tick-sched.c:1399
    __hrtimer_run_queues kernel/time/hrtimer.c:1652
    hrtimer_interrupt kernel/time/hrtimer.c:1717
    __sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1113
    asm_call_irq_on_stack arch/x86/entry/entry_64.S:808

    netlink_attachskb net/netlink/af_netlink.c:1234
    netlink_unicast net/netlink/af_netlink.c:1349
    kauditd_send_queue kernel/audit.c:776
    kauditd_thread kernel/audit.c:897
    kthread kernel/kthread.c:328
    ret_from_fork arch/x86/entry/entry_64.S:304

Restore the original behavior of the check which commit in Fixes accidentally missed when restructuring the code.

Found by Linux Verification Center (linuxtesting.org).
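The boundary case described above, as an added example that is not kernel code and not part of the original advisory: a simplified user-space model of the accept and wait checks. The function names, the enum and the sample sizes are assumptions; the strict accept comparison is inferred from the description, and the inclusive comparison stands in for the restored behavior.

```c
#include <stdio.h>

/* Simplified model of the decision described in the advisory.
 * All names here are illustrative; this is not the kernel source. */
enum outcome { ACCEPTED, WAITS, RETRY_NO_PROGRESS };

/* alloc:     bytes already charged to the socket (sk->sk_rmem_alloc)
 * truesize:  skb->truesize of the message being attached
 * rcvbuf:    sk->sk_rcvbuf
 * inclusive: 0 models the flawed strict check, 1 the assumed corrected check */
static enum outcome attach_once(unsigned alloc, unsigned truesize,
                                unsigned rcvbuf, int inclusive)
{
    unsigned rmem = alloc + truesize;      /* the "just increased" rmem */

    if (inclusive ? rmem <= rcvbuf : rmem < rcvbuf)
        return ACCEPTED;                   /* skb is queued to the socket */

    /* The charge is undone, then the wait condition is evaluated. */
    if (alloc + truesize > rcvbuf)
        return WAITS;                      /* task sleeps until space is freed */

    return RETRY_NO_PROGRESS;              /* neither accepted nor rescheduled */
}

/* Count consecutive retries that make no progress, up to a cap.
 * Nothing changes between calls, so one such retry means a busy loop. */
static unsigned spin_count(unsigned alloc, unsigned truesize,
                           unsigned rcvbuf, int inclusive, unsigned cap)
{
    unsigned n = 0;
    while (n < cap &&
           attach_once(alloc, truesize, rcvbuf, inclusive) == RETRY_NO_PROGRESS)
        n++;
    return n;
}

int main(void)
{
    /* Constructed sample values: 768-byte skb, 4096-byte receive buffer. */
    const unsigned truesize = 768, rcvbuf = 4096;
    const unsigned allocs[] = { 3327, 3328, 3329 };  /* below, equal, above */

    for (int i = 0; i < 3; i++)
        printf("alloc=%u strict: %u spins, inclusive: %u spins\n", allocs[i],
               spin_count(allocs[i], truesize, rcvbuf, 0, 1000),
               spin_count(allocs[i], truesize, rcvbuf, 1, 1000));
    return 0;
}
```

Only the exact-fit row spins under the strict check, which matches the RCU stall in the trace: the kauditd thread keeps re-entering netlink_attachskb() without ever sleeping.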

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.1.146 (including) 6.1.149 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.6.99 (including) 6.6.103 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.12.39 (including) 6.12.43 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.15.7 (including) 6.15.11 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.16.1 (including) 6.16.2 (excluding)
cpe:2.3:o:linux:linux_kernel:5.4.296:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.10.240:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.15.189:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.16:-:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.16:rc6:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.16:rc7:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*