In the Linux kernel, the following vulnerability has been resolved:
netlink: avoid infinite retry looping in netlink_unicast()
netlink_attachskb() checks for the socket's read memory allocation constraints. Firstly, it has:
rmem < READ_ONCE(sk->sk_rcvbuf)
to check if the just increased rmem value fits into the socket's receive buffer. If not, it proceeds and tries to wait for the memory under:
rmem + skb->truesize > READ_ONCE(sk->sk_rcvbuf)
The checks don't cover the case when skb->truesize + sk->sk_rmem_alloc is equal to sk->sk_rcvbuf. Thus the function neither successfully accepts these conditions, nor manages to reschedule the task - and is called in retry loop for indefinite time which is caught as:
rcu: INFO: rcu_sched self-detected stall on CPU
rcu: 0-....: (25999 ticks this GP) idle=ef2/1/0x4000000000000000 softirq=262269/262269 fqs=6212
(t=26000 jiffies g=230833 q=259957)
NMI backtrace for cpu 0
CPU: 0 PID: 22 Comm: kauditd Not tainted 5.10.240 #68
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.17.0-4.fc42 04/01/2014
Call Trace:
<IRQ>
dump_stack lib/dump_stack.c:120
nmi_cpu_backtrace.cold lib/nmi_backtrace.c:105
nmi_trigger_cpumask_backtrace lib/nmi_backtrace.c:62
rcu_dump_cpu_stacks kernel/rcu/tree_stall.h:335
rcu_sched_clock_irq.cold kernel/rcu/tree.c:2590
update_process_times kernel/time/timer.c:1953
tick_sched_handle kernel/time/tick-sched.c:227
tick_sched_timer kernel/time/tick-sched.c:1399
__hrtimer_run_queues kernel/time/hrtimer.c:1652
hrtimer_interrupt kernel/time/hrtimer.c:1717
__sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1113
asm_call_irq_on_stack arch/x86/entry/entry_64.S:808
</IRQ>
netlink_attachskb net/netlink/af_netlink.c:1234
netlink_unicast net/netlink/af_netlink.c:1349
kauditd_send_queue kernel/audit.c:776
kauditd_thread kernel/audit.c:897
kthread kernel/kthread.c:328
ret_from_fork arch/x86/entry/entry_64.S:304
Restore the original behavior of the check which commit in Fixes accidentally missed when restructuring the code.
Found by Linux Verification Center (linuxtesting.org).
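The boundary gap described above, modelled in user space as an added example (not kernel code and not part of the original commit). It covers only the two comparisons quoted in the message; the names attach_decision, count_gaps and stalled_retries are hypothetical, the sizes are constructed, and the inclusive comparison used for the corrected form is an assumption about how the gap is closed.

```c
#include <stdbool.h>
#include <stdio.h>

enum outcome { ACCEPT, WAIT, RETRY_NO_WAIT };

/* alloc    models sk->sk_rmem_alloc before this skb is charged,
 * truesize models skb->truesize, rcvbuf models sk->sk_rcvbuf.
 * inclusive=false: the checks as quoted; true: assumed corrected form. */
static enum outcome attach_decision(unsigned alloc, unsigned truesize,
                                    unsigned rcvbuf, bool inclusive)
{
    unsigned rmem = alloc + truesize;          /* the "just increased" rmem */

    if (inclusive ? rmem <= rcvbuf : rmem < rcvbuf)
        return ACCEPT;                         /* skb fits, queue it */
    /* the charge is undone here, so rmem is back to alloc */
    if (alloc + truesize > rcvbuf)
        return WAIT;                           /* sleep until memory frees */
    return RETRY_NO_WAIT;                      /* neither accepted nor slept */
}

/* Number of fill levels in [0, rcvbuf] that fall through both checks. */
static unsigned count_gaps(unsigned truesize, unsigned rcvbuf, bool inclusive)
{
    unsigned gaps = 0;
    for (unsigned alloc = 0; alloc <= rcvbuf; alloc++)
        if (attach_decision(alloc, truesize, rcvbuf, inclusive) == RETRY_NO_WAIT)
            gaps++;
    return gaps;
}

/* Caller-side retry loop with no reader draining the socket; the budget
 * stands in for "forever" so the model terminates. */
static unsigned stalled_retries(unsigned alloc, unsigned truesize,
                                unsigned rcvbuf, bool inclusive, unsigned budget)
{
    unsigned n = 0;
    while (n < budget &&
           attach_decision(alloc, truesize, rcvbuf, inclusive) == RETRY_NO_WAIT)
        n++;
    return n;
}

int main(void)
{
    /* constructed sizes: 3328 + 768 == 4096 hits the equality case */
    printf("gaps as quoted: %u, inclusive: %u\n",
           count_gaps(768, 4096, false), count_gaps(768, 4096, true));
    printf("retries spent at the boundary: %u\n",
           stalled_retries(3328, 768, 4096, false, 1000));
    return 0;
}
```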