Memory Management Issue in Linux Kernel Affecting BPF Functionality
CVE-2025-39886
What is CVE-2025-39886?
A vulnerability has been identified in the Linux kernel's memory management that affects BPF (Berkeley Packet Filter) functionality. The issue occurs during the initialization of BPF timers: calling bpf_map_kmalloc_node() from within __bpf_async_init() can cause various locking problems, such as double-acquiring locks and hard lockups. The remedy is to use the __GFP_HIGH flag instead of GFP_ATOMIC for this allocation, which allows the kernel to handle memory constraints more effectively during specific operations. The change is aimed at preventing unnecessary notifications and stabilizing memory accounting mechanisms under high load. A patch has been developed to address the issue, ensuring more robust management of memory resources within the kernel.
Affected Version(s)
Linux b00628b1c7d595ae5b544e059c27b1f5828314b4 < 449682e76f32601f211816d3e2100bed87e67a4c
Linux b00628b1c7d595ae5b544e059c27b1f5828314b4
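To check a kernel git checkout against the first range listed above, the following added example (not part of the original advisory or of the kernel project) classifies a revision by commit ancestry. The function name range_status and its output labels are assumptions of this example; the two commit ids are the ones given in that entry.

```shell
#!/bin/sh
# Added example: classify a revision of a kernel git tree against one
# "introduced < fixed" range from the Affected Version(s) list.
INTRODUCED=b00628b1c7d595ae5b544e059c27b1f5828314b4
FIXED=449682e76f32601f211816d3e2100bed87e67a4c

# range_status REPO INTRODUCED FIXED [REV]   (hypothetical helper)
# Prints exactly one of:
#   unknown       REV or the introducing commit is not in this repository
#                 (for example a shallow clone), so ancestry cannot be decided
#   not-affected  REV does not contain the introducing commit
#   fixed         REV contains both the introducing and the fixing commit
#   affected      REV contains the introducing commit but not this fix commit
range_status() {
    _repo=$1; _intro=$2; _fix=$3; _rev=${4:-HEAD}

    # The revision being checked must resolve to a commit.
    git -C "$_repo" rev-parse --verify -q "$_rev^{commit}" >/dev/null 2>&1 ||
        { echo unknown; return 0; }
    # Without the introducing commit object, "not an ancestor" would be a guess.
    git -C "$_repo" cat-file -e "$_intro^{commit}" 2>/dev/null ||
        { echo unknown; return 0; }

    # A commit counts as its own ancestor, so the range start is inclusive.
    if ! git -C "$_repo" merge-base --is-ancestor "$_intro" "$_rev" 2>/dev/null; then
        echo not-affected; return 0
    fi
    # The range end is exclusive: reaching the fix commit means fixed.
    if git -C "$_repo" cat-file -e "$_fix^{commit}" 2>/dev/null &&
       git -C "$_repo" merge-base --is-ancestor "$_fix" "$_rev" 2>/dev/null; then
        echo fixed; return 0
    fi
    echo affected
}

# Usage, from a shell that has sourced this file:
#   range_status /path/to/linux "$INTRODUCED" "$FIXED" HEAD
```

A tree that received the fix as a backport under a different commit id still reports affected, so treat that result as a prompt to inspect the tree rather than as proof.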