Linux Kernel: Vulnerability in Memory Management Affects Multiple Implementations
CVE-2025-39843
What is CVE-2025-39843?
A vulnerability in the Linux kernel's memory management subsystem can lead to lock recursion issues during the execution of the set_track_prepare() function. This function is invoked by hrtimer_start_range_ns while holding a specific lock related to per_cpu(hrtimer_bases)[n]. If the CONFIG_DEBUG_OBJECTS_TIMERS option is enabled, it may inadvertently wake up kswapd, attempting to hold the same lock, which can cause a deadlock situation. To mitigate this risk, allocation flags that exclude __GFP_KSWAPD_RECLAIM are passed during the debug_objects_fill_pool() operation to prevent kswapd from being woken up in this context. This vulnerability poses a considerable risk to system stability and requires immediate attention in affected configurations.
Affected Version(s)
Linux 5cf909c553e9efed573811de4b3f5172898d5515 < 994b03b9605d36d814c611385fbf90ca6db20aa8
Linux 5cf909c553e9efed573811de4b3f5172898d5515 < 522ffe298627cfe72539d72167c2e20e72b5e856
Linux 5cf909c553e9efed573811de4b3f5172898d5515 < 243b705a90ed8449f561a271cf251fd2e939f3db