System Hang Vulnerability in Linux Kernel: Affected by Async-Profiler Tool
CVE-2025-40327
What is CVE-2025-40327?
In the Linux kernel, cpu-clock usage by the async-profiler tool can cause a system hang. cpu-clock is a specialized software event that relies on hrtimers, and the __perf_event_overflow() callback is invoked from the hrtimer handler. When that callback attempts to stop the event, it calls back into the hrtimer code recursively, which results in a deadlock. The fix uses hrtimer_try_to_cancel() instead of the recursive call to prevent the hang, and sets the PERF_HES_STOPPED flag to ensure proper event management.
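The following user-space model is an added example, not kernel code and not the upstream patch. It shows why a cancel that waits for the running handler can never finish when it is called from that handler, and why a try-cancel plus a stopped flag ends cleanly. Every toy_* name, the spin bound that stands in for the endless wait, and the assumption that the pre-fix stop path used a waiting cancel are constructs of this model.

```c
#include <stdbool.h>
#include <stdio.h>
/* User-space model, not kernel code: every toy_* name is hypothetical. */
struct toy_timer {
    bool queued, in_callback; /* armed / handler executing right now */
    bool stopped;             /* stands in for PERF_HES_STOPPED */
    bool hung;                /* a waiting cancel could never finish */
    int fired;
};

/* Return convention of hrtimer_try_to_cancel(): 1 removed, 0 idle, -1 callback running. */
static int toy_try_to_cancel(struct toy_timer *t) {
    if (t->in_callback) return -1;
    if (!t->queued) return 0;
    t->queued = false;
    return 1;
}

/* Waiting cancel: retry until the callback ends. The bound replaces the endless wait. */
static void toy_cancel(struct toy_timer *t) {
    for (int spins = 0; spins < 1000; spins++)
        if (toy_try_to_cancel(t) >= 0) return;
    t->hung = true; /* the caller is the callback itself, so it never ends */
}

/* Event stop as reached from the overflow callback, i.e. inside the timer handler. */
static void toy_event_stop(struct toy_timer *t, bool fixed) {
    if (fixed) { t->stopped = true; toy_try_to_cancel(t); }
    else toy_cancel(t);
}

/* Fire the timer up to max_ticks times; returns true if the model deadlocked. */
static bool toy_run(struct toy_timer *t, bool fixed, int max_ticks) {
    *t = (struct toy_timer){ .queued = true };
    for (int i = 0; i < max_ticks && t->queued && !t->hung; i++) {
        t->in_callback = true;
        t->fired++;
        toy_event_stop(t, fixed);            /* overflow decides to stop the event */
        t->in_callback = false;
        t->queued = !t->stopped && !t->hung; /* handler re-arms unless stopped */
    }
    return t->hung;
}

int main(void) {
    struct toy_timer t;
    printf("waiting cancel hung: %d\n", toy_run(&t, false, 5));
    printf("try-cancel + stopped flag hung: %d\n", toy_run(&t, true, 5));
    return 0;
}
```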
Affected Version(s)
Linux 18dbcbfabfffc4a5d3ea10290c5ad27f22b0d240 < 6b8c512811644cf2f5eaf6f44e928683c54127f0
Linux 18dbcbfabfffc4a5d3ea10290c5ad27f22b0d240
Linux b2de0c9ce8e542b5cb4cd3944620d9dd1ea1f0ac