CVE-2025-39736

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)

Description: A deadlock situation could occur in the Linux kernel’s memory leak detection mechanism (kmemleak) when netpoll is enabled. This happens because calling pr warn once() while holding kmemleak lock in mem pool alloc() can lead to lock inversion with the netconsole subsystem. Specifically, pr warn once() might trigger netpoll, which then calls alloc skb() and subsequently attempts to reacquire kmemleak lock, resulting in a deadlock.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Improper Locking

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-833CWE-667

Related Identifiers

AZL-67172

BDU:2025-14999

CVE-2025-39736

DLA-4327-1

DLA-4328-1

DSA-6009-1

ECHO-F67A-32A3-58E1

USN-7909-1

USN-7909-2

USN-7909-3

USN-7909-4

USN-7909-5

USN-7910-1

USN-7910-2

USN-7933-1

USN-7938-1

USN-8028-1

USN-8028-2

USN-8028-3

USN-8028-4

USN-8028-5

USN-8028-6

USN-8028-7

USN-8028-8

USN-8031-1

USN-8031-2

USN-8031-3

USN-8052-1

USN-8052-2

USN-8074-1

USN-8074-2

USN-8126-1

Affected Products

Debian

Linuxmint

Linux Kernel

Red Os

Ubuntu

CVE-2025-39736

Weakness Enumeration

Related Identifiers

Affected Products

References · 1304