| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025091136-CVE-2025-39736-8dfc@gregkh>
Date: Thu, 11 Sep 2025 18:52:37 +0200
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-cve-announce@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...nel.org>
Subject: CVE-2025-39736: mm/kmemleak: avoid deadlock by moving pr_warn() outside kmemleak_lock
From: Greg Kroah-Hartman <gregkh@...nel.org>
Description
===========
In the Linux kernel, the following vulnerability has been resolved:
mm/kmemleak: avoid deadlock by moving pr_warn() outside kmemleak_lock
When netpoll is enabled, calling pr_warn_once() while holding
kmemleak_lock in mem_pool_alloc() can cause a deadlock due to lock
inversion with the netconsole subsystem. This occurs because
pr_warn_once() may trigger netpoll, which eventually leads to
__alloc_skb() and back into kmemleak code, attempting to reacquire
kmemleak_lock.
This is the path for the deadlock.
mem_pool_alloc()
-> raw_spin_lock_irqsave(&kmemleak_lock, flags);
-> pr_warn_once()
-> netconsole subsystem
-> netpoll
-> __alloc_skb
-> __create_object
-> raw_spin_lock_irqsave(&kmemleak_lock, flags);
Fix this by setting a flag and issuing the pr_warn_once() after
kmemleak_lock is released.
The Linux kernel CVE team has assigned CVE-2025-39736 to this issue.
Affected and fixed versions
===========================
Issue introduced in 5.4 with commit c5665868183fec689dbab9fb8505188b2c4f0757 and fixed in 5.4.297 with commit c7b6ea0ede687e7460e593c5ea478f50aa41682a
Issue introduced in 5.4 with commit c5665868183fec689dbab9fb8505188b2c4f0757 and fixed in 5.10.241 with commit 4b0151e1d468eb2667c37b7af99b3c075072d334
Issue introduced in 5.4 with commit c5665868183fec689dbab9fb8505188b2c4f0757 and fixed in 5.15.190 with commit f249d32bb54876b4b6c3ae071af8ddca77af390b
Issue introduced in 5.4 with commit c5665868183fec689dbab9fb8505188b2c4f0757 and fixed in 6.1.149 with commit 62879faa8efe8d8a9c7bf7606ee9c068012d7dac
Issue introduced in 5.4 with commit c5665868183fec689dbab9fb8505188b2c4f0757 and fixed in 6.6.103 with commit 1da95d3d4b7b1d380ebd87b71a61e7e6aed3265d
Issue introduced in 5.4 with commit c5665868183fec689dbab9fb8505188b2c4f0757 and fixed in 6.12.43 with commit a0854de00ce2ee27edf39037e7836ad580eb3350
Issue introduced in 5.4 with commit c5665868183fec689dbab9fb8505188b2c4f0757 and fixed in 6.15.11 with commit 08f70be5e406ce47c822f2dd11c1170ca259605b
Issue introduced in 5.4 with commit c5665868183fec689dbab9fb8505188b2c4f0757 and fixed in 6.16.2 with commit a181b228b37a6a5625dad2bb4265bb7abb673e9f
Issue introduced in 5.4 with commit c5665868183fec689dbab9fb8505188b2c4f0757 and fixed in 6.17-rc2 with commit 47b0f6d8f0d2be4d311a49e13d2fd5f152f492b2
Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.
Unaffected versions might change over time as fixes are backported to
older supported kernel versions. The official CVE entry at
https://cve.org/CVERecord/?id=CVE-2025-39736
will be updated if fixes are backported, please check that for the most
up to date information about this issue.
Affected files
==============
The file(s) affected by this issue are:
mm/kmemleak.c
Mitigation
==========
The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes. Individual
changes are never tested alone, but rather are part of a larger kernel
release. Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all. If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
https://git.kernel.org/stable/c/c7b6ea0ede687e7460e593c5ea478f50aa41682a
https://git.kernel.org/stable/c/4b0151e1d468eb2667c37b7af99b3c075072d334
https://git.kernel.org/stable/c/f249d32bb54876b4b6c3ae071af8ddca77af390b
https://git.kernel.org/stable/c/62879faa8efe8d8a9c7bf7606ee9c068012d7dac
https://git.kernel.org/stable/c/1da95d3d4b7b1d380ebd87b71a61e7e6aed3265d
https://git.kernel.org/stable/c/a0854de00ce2ee27edf39037e7836ad580eb3350
https://git.kernel.org/stable/c/08f70be5e406ce47c822f2dd11c1170ca259605b
https://git.kernel.org/stable/c/a181b228b37a6a5625dad2bb4265bb7abb673e9f
https://git.kernel.org/stable/c/47b0f6d8f0d2be4d311a49e13d2fd5f152f492b2
Powered by blists - more mailing lists