Infinite Loop Vulnerability in Linux Kernel Netlink Functionality
CVE-2025-38727
What is CVE-2025-38727?
A vulnerability has been identified in the Linux kernel related to netlink's handling of memory allocation during unicast operations. Specifically, the function responsible for ensuring that socket memory allocation constraints are met fails to effectively check certain conditions. This oversight can lead to an infinite retry loop when memory under specific conditions is not successfully accepted. The original behavior of the check was inadvertently modified during code restructuring, which has resulted in the system becoming unresponsive, as indicated by error messages related to RCU scheduling stalls when the retry loop runs indefinitely. This vulnerability poses risks to system stability and performance.
Affected Version(s)
Linux 9da025150b7c14a8390fc06aea314c0a4011e82c < 47d49fd07f86d1f55ea1083287303d237e9e0922
Linux c4ceaac5c5ba0b992ee1dc88e2a02421549e5c98 < 6bee383ff83352a693d03efdf27cdd80742f71b2
Linux fd69af06101090eaa60b3d216ae715f9c0a58e5b