Wind River Support Network

Acknowledged

LIN1023-14691 : Security Advisory - linux - CVE-2025-38727

Created: Sep 4, 2025    Updated: Sep 8, 2025
Found In Version: 10.23.30.1
Severity: Standard
Applicable for: Wind River Linux LTS 23
Component/s: Kernel

Description

In the Linux kernel, the following vulnerability has been resolved:

netlink: avoid infinite retry looping in netlink_unicast()

netlink_attachskb() checks for the socket's read memory allocation
constraints. Firstly, it has:

  rmem < READ_ONCE(sk->sk_rcvbuf)

to check if the just increased rmem value fits into the socket's receive
buffer. If not, it proceeds and tries to wait for the memory under:

  rmem + skb->truesize > READ_ONCE(sk->sk_rcvbuf)

The checks don't cover the case when skb->truesize + sk->sk_rmem_alloc is
equal to sk->sk_rcvbuf. Thus the function neither successfully accepts
these conditions, nor manages to reschedule the task - and is called in
retry loop for indefinite time which is caught as:

  rcu: INFO: rcu_sched self-detected stall on CPU
  rcu:     0-....: (25999 ticks this GP) idle=ef2/1/0x4000000000000000 softirq=262269/262269 fqs=6212
  (t=26000 jiffies g=230833 q=259957)
  NMI backtrace for cpu 0
  CPU: 0 PID: 22 Comm: kauditd Not tainted 5.10.240 #68
  Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.17.0-4.fc42 04/01/2014
  Call Trace:
  <IRQ>
  dump_stack lib/dump_stack.c:120
  nmi_cpu_backtrace.cold lib/nmi_backtrace.c:105
  nmi_trigger_cpumask_backtrace lib/nmi_backtrace.c:62
  rcu_dump_cpu_stacks kernel/rcu/tree_stall.h:335
  rcu_sched_clock_irq.cold kernel/rcu/tree.c:2590
  update_process_times kernel/time/timer.c:1953
  tick_sched_handle kernel/time/tick-sched.c:227
  tick_sched_timer kernel/time/tick-sched.c:1399
  __hrtimer_run_queues kernel/time/hrtimer.c:1652
  hrtimer_interrupt kernel/time/hrtimer.c:1717
  __sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1113
  asm_call_irq_on_stack arch/x86/entry/entry_64.S:808
  </IRQ>

  netlink_attachskb net/netlink/af_netlink.c:1234
  netlink_unicast net/netlink/af_netlink.c:1349
  kauditd_send_queue kernel/audit.c:776
  kauditd_thread kernel/audit.c:897
  kthread kernel/kthread.c:328
  ret_from_fork arch/x86/entry/entry_64.S:304

Restore the original behavior of the check which commit in Fixes
accidentally missed when restructuring the code.

Found by Linux Verification Center (linuxtesting.org).
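
The boundary gap described above, as an added user-space model (not kernel code and not part of the advisory or the upstream patch). It reproduces only the two comparisons quoted in the description. The names attach_once and count_gaps, the sample sizes, and the inclusive accept check used as the corrected variant are assumptions made for illustration.

```c
#include <stdio.h>

/* User-space model of the two checks quoted in the advisory; not kernel code. */
enum outcome { ACCEPT, WAIT, RETRY_NO_WAIT };

/*
 * One pass through the modelled decision.
 *   rmem_alloc: bytes already charged to the socket (sk->sk_rmem_alloc)
 *   truesize:   skb->truesize of the message being attached
 *   rcvbuf:     sk->sk_rcvbuf
 *   inclusive:  0 = checks as quoted, 1 = accept check also admits equality
 *               (assumed way to close the gap; the page does not show the patch)
 */
static enum outcome attach_once(long rmem_alloc, long truesize, long rcvbuf,
                                int inclusive)
{
    long rmem = rmem_alloc + truesize;      /* the "just increased" value */

    if (inclusive ? rmem <= rcvbuf : rmem < rcvbuf)
        return ACCEPT;                      /* skb is queued */
    /* The increase is undone; decide whether to sleep for memory. */
    if (rmem_alloc + truesize > rcvbuf)
        return WAIT;                        /* task is rescheduled */
    return RETRY_NO_WAIT;                   /* caller retries immediately */
}

/* Count the rmem_alloc values in [0, rcvbuf] that neither accept nor wait. */
static long count_gaps(long truesize, long rcvbuf, int inclusive)
{
    long gaps = 0;
    for (long a = 0; a <= rcvbuf; a++)
        if (attach_once(a, truesize, rcvbuf, inclusive) == RETRY_NO_WAIT)
            gaps++;
    return gaps;
}

int main(void)
{
    /* Constructed sizes: 768 + 256 == 1024 is the equality case. */
    static const char *name[] = { "accept", "wait", "retry without waiting" };
    for (long a = 767; a <= 769; a++)
        printf("rmem_alloc=%ld: quoted=%s inclusive=%s\n", a,
               name[attach_once(a, 256, 1024, 0)],
               name[attach_once(a, 256, 1024, 1)]);
    printf("gap states: quoted=%ld inclusive=%ld\n",
           count_gaps(256, 1024, 0), count_gaps(256, 1024, 1));
    return 0;
}
```

In the model, the single state that neither accepts nor waits is the one where nothing changes between passes, which matches the stall on the kauditd thread shown in the trace.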

CVE-2025-38727 (https://nvd.nist.gov/vuln/detail/CVE-2025-38727)