Linux Kernel Vulnerability in cgroup Management
CVE-2025-39953

Currently unrated

Key Information:

Vendor: Linux

Status
Vendor
CVE Published: 4 October 2025

What is CVE-2025-39953?

A vulnerability in the Linux kernel's cgroup mechanism can lead to a hung task condition during performance events and priority management. The issue arises when the perf_event and net_prio controllers are repeatedly mounted and unmounted with the unified cgroup hierarchy enabled. This can cause a deadlock in which root destruction waits for various offline operations to complete, blocked by resource management operations. To fix the problem, cgroup_destroy_wq has been split into three independent workqueues that separately handle CSS offline processing, resource release, and final memory deallocation, which prevents the task hang.
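A simplified model of the deadlock and the fix described above, added here as an illustration; it is not kernel code and not part of the original advisory. It assumes each workqueue runs one item at a time in FIFO order and uses a constructed ordering in which root destruction is queued ahead of a css offline; `simulate`, `struct wq` and the stage names are hypothetical.

```c
#include <stdio.h>

enum stage { OFFLINE, RELEASE, FREE };   /* the three stages the fix separates */
#define NQ 3
#define CAP 8

struct wq { enum stage item[CAP]; int head, tail; };

/* Model assumption: each workqueue runs one item at a time, in FIFO order. */
static void enqueue(struct wq *q, enum stage s) { q->item[q->tail++] = s; }

/* Run the constructed scenario; return how many work items never complete. */
int simulate(int split)
{
    struct wq q[NQ] = {0};
    /* Constructed ordering: root destruction (FREE stage) is queued before
     * the offline work of a dying css, followed by that css's release work. */
    enum stage order[] = { FREE, OFFLINE, RELEASE };
    int pending_offline = 0, left = 0;

    for (int i = 0; i < 3; i++) {
        /* split != 0: one queue per stage; split == 0: everything shares q[0] */
        enqueue(&q[split ? order[i] : 0], order[i]);
        pending_offline += (order[i] == OFFLINE);
        left++;
    }
    for (int progress = 1; progress; ) {
        progress = 0;
        for (int i = 0; i < NQ; i++) {
            struct wq *w = &q[i];
            if (w->head == w->tail) continue;        /* queue is empty */
            enum stage s = w->item[w->head];
            /* Root destruction waits until every css offline has finished;
             * while it waits it occupies its queue's only execution slot. */
            if (s == FREE && pending_offline > 0) continue;
            if (s == OFFLINE) pending_offline--;
            w->head++; left--; progress = 1;
        }
    }
    return left;   /* > 0: nothing can make progress, i.e. a hung task */
}

int main(void)
{
    printf("single queue: %d items stuck\n", simulate(0));
    printf("three queues: %d items stuck\n", simulate(1));
    return 0;
}
```

With one shared queue the waiting root destruction sits in front of the offline work it depends on, so nothing completes; with one queue per stage the offline work runs independently and the wait ends.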

Affected Version(s)

Linux 334c3679ec4b2b113c35ebe37d2018b112dd5013


Timeline

  • Vulnerability published

  • Vulnerability Reserved
