CVE-2025-39737

EUVD-2025-28974
In the Linux kernel, the following vulnerability has been resolved:

mm/kmemleak: avoid soft lockup in __kmemleak_do_cleanup()

A soft lockup warning was observed on a relative small system x86-64
system with 16 GB of memory when running a debug kernel with kmemleak
enabled.

  watchdog: BUG: soft lockup - CPU#8 stuck for 33s! [kworker/8:1:134]

The test system was running a workload with hot unplug happening in
parallel.  Then kemleak decided to disable itself due to its inability to
allocate more kmemleak objects.  The debug kernel has its
CONFIG_DEBUG_KMEMLEAK_MEM_POOL_SIZE set to 40,000.

The soft lockup happened in kmemleak_do_cleanup() when the existing
kmemleak objects were being removed and deleted one-by-one in a loop via a
workqueue.  In this particular case, there are at least 40,000 objects
that need to be processed and given the slowness of a debug kernel and the
fact that a raw_spinlock has to be acquired and released in
__delete_object(), it could take a while to properly handle all these
objects.

As kmemleak has been disabled in this case, the object removal and
deletion process can be further optimized as locking isn't really needed. 
However, it is probably not worth the effort to optimize for such an edge
case that should rarely happen.  So the simple solution is to call
cond_resched() at periodic interval in the iteration loop to avoid soft
lockup.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 2%
Affected Products (NVD)
VendorProductVersion
linuxlinux_kernel
5.4.1 ≤
𝑥
< 5.4.297
linuxlinux_kernel
5.5 ≤
𝑥
< 5.10.241
linuxlinux_kernel
5.11 ≤
𝑥
< 5.15.190
linuxlinux_kernel
5.16 ≤
𝑥
< 6.1.149
linuxlinux_kernel
6.2 ≤
𝑥
< 6.6.103
linuxlinux_kernel
6.7 ≤
𝑥
< 6.12.43
linuxlinux_kernel
6.13 ≤
𝑥
< 6.15.11
linuxlinux_kernel
6.16 ≤
𝑥
< 6.16.2
linuxlinux_kernel
5.4
linuxlinux_kernel
5.4:rc4
linuxlinux_kernel
5.4:rc5
linuxlinux_kernel
5.4:rc6
linuxlinux_kernel
5.4:rc7
linuxlinux_kernel
5.4:rc8
linuxlinux_kernel
6.17:rc1
debiandebian_linux
11.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
linux
bookworm
6.1.159-1
fixed
bookworm (security)
6.1.162-1
fixed
bullseye
vulnerable
bullseye (security)
5.10.249-1
fixed
forky
6.18.9-1
fixed
sid
6.18.12-1
fixed
trixie
6.12.63-1
fixed
trixie (security)
6.12.73-1
fixed
linux-6.1
bullseye (security)
6.1.162-1~deb11u1
fixed
Common Weakness Enumeration
References
https://git.kernel.org/stable/c/1ef72a7fedc5bca70e8cc980985790de10d407aa
https://git.kernel.org/stable/c/8d2d22a55ffe35c38e69795468a7addd1a80e9ce
https://git.kernel.org/stable/c/926092268efdf1ed7b55cf486356c74a9e7710d1
https://git.kernel.org/stable/c/9b80430c194e4a114dc663c1025d56b4f3d0153d
https://git.kernel.org/stable/c/9f1f4e95031f84867c5821540466d62f88dab8ca
https://git.kernel.org/stable/c/a04de4c40aab9b338dfa989cf4aec70fd187eeb2
https://git.kernel.org/stable/c/d1534ae23c2b6be350c8ab060803fbf6e9682adc
https://git.kernel.org/stable/c/e21a3ddd58733ce31afcb1e5dc3cb80a4b5bc29b
https://git.kernel.org/stable/c/f014c10d190b92aad366e56b445daffcd1c075e4
https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html