CVE-2025-38727— netlink: avoid infinite retry looping in netlink_unicast()
Affected Version Matrix 20
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 9da025150b7c14a8390fc06aea314c0a4011e82c< 47d49fd07f86d1f55ea1083287303d237e9e0922 | affected |
c4ceaac5c5ba0b992ee1dc88e2a02421549e5c98< 6bee383ff83352a693d03efdf27cdd80742f71b2 | affected | ||
fd69af06101090eaa60b3d216ae715f9c0a58e5b< f324959ad47e62e3cadaffa65d3cff790fb48529 | affected | ||
76602d8e13864524382b0687dc32cd8f19164d5a< d42b71a34f6b8a2d5c53df81169b03b8d8b5cf4e | affected | ||
55baecb9eb90238f60a8350660d6762046ebd3bd< 346c820ef5135cf062fa3473da955ef8c5fb6929 | affected | ||
4b8e18af7bea92f8b7fb92d40aeae729209db250< 44ddd7b1ae0b7edb2c832eb16798c827a05e58f0 | affected | ||
cd7ff61bfffd7000143c42bbffb85eeb792466d6< 78fcd69d55c5f11d7694c547eca767a1cfd38ec4 | affected | ||
ae8f160e7eb24240a2a79fc4c815c6a0d4ee16cc< e8edc7de688791a337c068693f22e8d8b869df71 | affected | ||
| … +12 more rows | |||
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-38727
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
netlink: avoid infinite retry looping in netlink_unicast()
Source: NVD (National Vulnerability Database)
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: netlink: avoid infinite retry looping in netlink_unicast() netlink_attachskb() checks for the socket's read memory allocation constraints. Firstly, it has: rmem < READ_ONCE(sk->sk_rcvbuf) to check if the just increased rmem value fits into the socket's receive buffer. If not, it proceeds and tries to wait for the memory under: rmem + skb->truesize > READ_ONCE(sk->sk_rcvbuf) The checks don't cover the case when skb->truesize + sk->sk_rmem_alloc is equal to sk->sk_rcvbuf. Thus the function neither successfully accepts these conditions, nor manages to reschedule the task - and is called in retry loop for indefinite time which is caught as: rcu: INFO: rcu_sched self-detected stall on CPU rcu: 0-....: (25999 ticks this GP) idle=ef2/1/0x4000000000000000 softirq=262269/262269 fqs=6212 (t=26000 jiffies g=230833 q=259957) NMI backtrace for cpu 0 CPU: 0 PID: 22 Comm: kauditd Not tainted 5.10.240 #68 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.17.0-4.fc42 04/01/2014 Call Trace: <IRQ> dump_stack lib/dump_stack.c:120 nmi_cpu_backtrace.cold lib/nmi_backtrace.c:105 nmi_trigger_cpumask_backtrace lib/nmi_backtrace.c:62 rcu_dump_cpu_stacks kernel/rcu/tree_stall.h:335 rcu_sched_clock_irq.cold kernel/rcu/tree.c:2590 update_process_times kernel/time/timer.c:1953 tick_sched_handle kernel/time/tick-sched.c:227 tick_sched_timer kernel/time/tick-sched.c:1399 __hrtimer_run_queues kernel/time/hrtimer.c:1652 hrtimer_interrupt kernel/time/hrtimer.c:1717 __sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1113 asm_call_irq_on_stack arch/x86/entry/entry_64.S:808 </IRQ> netlink_attachskb net/netlink/af_netlink.c:1234 netlink_unicast net/netlink/af_netlink.c:1349 kauditd_send_queue kernel/audit.c:776 kauditd_thread kernel/audit.c:897 kthread kernel/kthread.c:328 ret_from_fork arch/x86/entry/entry_64.S:304 Restore the original behavior of the check which commit in Fixes accidentally missed when restructuring the code. Found by Linux Verification Center (linuxtesting.org).
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Linux kernel 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel存在安全漏洞,该漏洞源于netlink在单播时未正确处理内存限制,可能导致无限重试循环。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2025-38727
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2025-38727
请登录查看更多情报信息。
Same Patch Batch · Linux · 2025-09-04 · 52 CVEs total
| CVE-2025-38693 | media: dvb-frontends: w7090p: fix null-ptr-deref in w7090p_tuner_write_serpar and w7090p_t | |
| CVE-2025-38679 | media: venus: Fix OOB read due to missing payload bound check | |
| CVE-2025-38680 | media: uvcvideo: Fix 1-byte out-of-bounds read in uvc_parse_format() | |
| CVE-2025-38685 | fbdev: Fix vmalloc out-of-bounds write in fast_imageblit | |
| CVE-2025-38682 | i2c: core: Fix double-free of fwnode in i2c_unregister_device() | |
| CVE-2025-38683 | hv_netvsc: Fix panic during namespace deletion with VF | |
| CVE-2025-38684 | net/sched: ets: use old 'nbands' while purging unused classes | |
| CVE-2025-38681 | mm/ptdump: take the memory hotplug lock inside ptdump_walk_pgd() | |
| CVE-2025-38692 | exfat: add cluster chain loop check for dir | |
| CVE-2025-38694 | media: dvb-frontends: dib7090p: fix null-ptr-deref in dib7090p_rw_on_apb() | |
| CVE-2025-38690 | drm/xe/migrate: prevent infinite recursion | |
| CVE-2025-38695 | scsi: lpfc: Check for hdwq null ptr when cleaning up lpfc_vport structure | |
| CVE-2025-38696 | MIPS: Don't crash in stack_top() for tasks without ABI or vDSO | |
| CVE-2025-38697 | jfs: upper bound check of tree index in dbAllocAG | |
| CVE-2025-38699 | scsi: bfa: Double-free fix | |
| CVE-2025-38698 | jfs: Regular file corruption check | |
| CVE-2025-38700 | scsi: libiscsi: Initialize iscsi_conn->dd_data only if memory is allocated | |
| CVE-2025-38701 | ext4: do not BUG when INLINE_DATA_FL lacks system.data xattr | |
| CVE-2025-38702 | fbdev: fix potential buffer overflow in do_register_framebuffer() | |
| CVE-2025-38703 | drm/xe: Make dma-fences compliant with the safe access rules |
Showing top 20 of 52 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
Same product: Linux
- CVE-2026-43492
lib/crypto: mpi: Fix integer underflow in mpi_read_raw_from_ - CVE-2026-43493
crypto: pcrypt - Fix handling of MAY_BACKLOG requests - CVE-2026-43491
net: qrtr: ns: Limit the maximum server registration per nod - CVE-2026-46333
ptrace: slightly saner 'get_dumpable()' logic - CVE-2026-43490
ksmbd: validate inherited ACE SID length
Same vendor: Linux
- CVE-2026-43492
lib/crypto: mpi: Fix integer underflow in mpi_read_raw_from_ - CVE-2026-43493
crypto: pcrypt - Fix handling of MAY_BACKLOG requests - CVE-2026-43491
net: qrtr: ns: Limit the maximum server registration per nod - CVE-2026-46333
ptrace: slightly saner 'get_dumpable()' logic - CVE-2026-43490
ksmbd: validate inherited ACE SID length
V. Comments for CVE-2025-38727
No comments yet