PT-2025-38550 · Linux+7 · Linux Kernel+7

Published: 2025-09-19 · Updated: 2026-05-07 · CVE-2025-39843

CVSS v3.1: 5.5 Medium

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

The set_track_prepare() function in the Linux kernel can incur lock recursion. This issue arises when it is called from hrtimer_start_range_ns while holding the per_cpu(hrtimer_bases)[n].lock. When CONFIG_DEBUG_OBJECTS_TIMERS is enabled, set_track_prepare() can wake up kswapd, which attempts to re-acquire the same lock, leading to a deadlock. The issue is addressed by preventing kswapd from being woken up: allocation flags that do not contain __GFP_KSWAPD_RECLAIM are passed in the debug_objects_fill_pool() case. The __GFP_DIRECT_RECLAIM flag is also masked out within ___slab_alloc(), as it has preemption disabled.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
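
The description ties the deadlock to kernels built with CONFIG_DEBUG_OBJECTS_TIMERS. The script below is an added triage example, not part of the advisory or of the kernel sources: it reports whether a kernel config file enables that option. The function names and the config locations it searches (/boot/config-<release> and /proc/config.gz) are assumptions about the host.

```shell
#!/bin/sh
# Added example: check a kernel config for the option the description
# names as the precondition for the set_track_prepare() deadlock.

# Print the state of one option in a .config-style file (plain or .gz):
#   enabled  -> a line "CONFIG_X=y" is present
#   disabled -> "# CONFIG_X is not set", or the option is absent
#   unknown  -> the file is missing or unreadable
kconfig_state() {
    opt=$1
    file=$2
    [ -r "$file" ] || { echo unknown; return 0; }
    case $file in
        *.gz) reader="gzip -dc" ;;
        *)    reader="cat" ;;
    esac
    # Anchor both ends so CONFIG_X_SOMETHING=y or CONFIG_X=m never match.
    if $reader "$file" 2>/dev/null | grep -q "^${opt}=y\$"; then
        echo enabled
    else
        echo disabled
    fi
}

# Locate the running kernel's config (assumed locations, first hit wins).
find_kconfig() {
    for f in "/boot/config-$(uname -r)" /proc/config.gz; do
        [ -r "$f" ] && { echo "$f"; return 0; }
    done
    return 1
}

# Returns 0 when the precondition is absent, 1 when present, 2 when unknown.
check_running_kernel() {
    cfg=$(find_kconfig) || { echo "no readable kernel config found"; return 2; }
    state=$(kconfig_state CONFIG_DEBUG_OBJECTS_TIMERS "$cfg")
    echo "$cfg: CONFIG_DEBUG_OBJECTS_TIMERS is $state"
    [ "$state" != enabled ]
}

# Run against the local host only when asked to: sh script.sh --run
if [ "${1:-}" = "--run" ]; then
    check_running_kernel
fi
```

A result of "enabled" only means the precondition named in the description is present; whether the kernel carries the fix has to be confirmed against the distribution advisories listed under Related Identifiers.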

Exploit

Weakness Enumeration

Allocation of Resources Without Limits
Improper Locking

Related Identifiers

ALSA-2025:21926
ALSA-2026:0453
BDU:2025-14119
CVE-2025-39843
DLA-4328-1
DSA-6008-1
DSA-6009-1
ECHO-A49B-5A64-0E27
INFESA-2025_0006
INFSA-2025_21926
OESA-2026-1337
OESA-2026-1338
OESA-2026-1339
RHSA-2025:21926
RHSA-2025:23789
RHSA-2025_21926
RHSA-2026:0271
RHSA-2026:0453
USN-8095-1
USN-8095-2
USN-8095-3
USN-8095-4
USN-8095-5
USN-8100-1
USN-8125-1
USN-8126-1
USN-8165-1
USN-8261-1

Affected Products

Almalinux
Astra Linux
Debian
Linuxmint
Linux Kernel
Red Hat
Rocky Linux
Ubuntu