Data Race Vulnerability in the Linux Kernel
CVE-2025-39749
What is CVE-2025-39749?
In certain configurations of the Linux kernel, a race condition in the RCU (Read-Copy-Update) mechanism leads to potential data races. The function rcu_read_unlock_special() can run in an interrupts-disabled context and relies on an irq-work handler, and both access the ->defer_qs_iw_pending field of the per-CPU rcu_data structure. When those accesses overlap, the structure, and that field in particular, can be left in an inconsistent state. The issue manifests in kernels using the rcutree.use_softirq=y setting, and avoiding it requires that interrupts be disabled while the field is updated. A recent commit addresses this by disabling interrupts while the rcu_preempt_deferred_qs_handler() function updates the ->defer_qs_iw_pending field.
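The fix pattern described above can be reproduced in a small userspace model. This is an added example, not kernel code and not part of the original advisory. It assumes SIGUSR1 stands in for an interrupt and a blocked signal mask stands in for disabled interrupts; model_irq() and model_deferred_qs_handler() are hypothetical names, and the reader's read-then-set behaviour is an assumption.

```c
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <stdbool.h>
#include <stdio.h>

/* Constructed userspace model; SIGUSR1 plays the interrupt. Not kernel code. */
static volatile sig_atomic_t defer_qs_iw_pending; /* models ->defer_qs_iw_pending */
static volatile sig_atomic_t in_update;   /* 1 while the handler is mid-update */
static volatile sig_atomic_t overlapping; /* accesses that landed mid-update */

/* Models an interrupt whose RCU reader reaches rcu_read_unlock_special(). */
static void model_irq(int sig)
{
    (void)sig;
    if (in_update)
        overlapping++;                 /* concurrent access: the data race */
    if (!defer_qs_iw_pending)          /* assumed behaviour: read, set if clear */
        defer_qs_iw_pending = 1;
}

/* Models rcu_preempt_deferred_qs_handler(); irqs_off=true is the fixed form.
 * Returns how many accesses overlapped the update of the field. */
static int model_deferred_qs_handler(bool irqs_off)
{
    struct sigaction sa = {0};
    sigset_t irq, saved;

    sa.sa_handler = model_irq;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGUSR1, &sa, NULL);
    sigemptyset(&irq);
    sigaddset(&irq, SIGUSR1);
    overlapping = 0;
    defer_qs_iw_pending = 1;
    /* Blocked signal = interrupts off; unblocked = the unprotected handler. */
    sigprocmask(irqs_off ? SIG_BLOCK : SIG_UNBLOCK, &irq, &saved);
    in_update = 1;
    raise(SIGUSR1);                    /* interrupt arrives mid-update */
    defer_qs_iw_pending = 0;
    in_update = 0;
    sigprocmask(SIG_SETMASK, &saved, NULL); /* a deferred interrupt runs here */
    return overlapping;
}

int main(void)
{
    printf("unprotected: %d overlapping access(es)\n", model_deferred_qs_handler(false));
    printf("protected:   %d overlapping access(es)\n", model_deferred_qs_handler(true));
    return 0;
}
```

With the mask in place the simulated interrupt is held until the update has finished, so the two accesses to the field are serialized rather than interleaved.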
Affected Version(s)
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 74f58f382a7c8333f8d09701aefaa25913bdbe0e
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 0ad84d62217488e679ecc90e8628980dcc003de3