CVE-2025-68169

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contains a flaw within the netpoll subsystem that can lead to a deadlock scenario when the system experiences significant memory pressure. This occurs during memory allocation within the refill skbs() function while holding a spinlock. Specifically, the issue arises when alloc skb() is called, triggering slab out of memory(), which then invokes printk(). The console output path subsequently calls netpoll send udp(), attempting to re-acquire the same spinlock, resulting in a deadlock. The problem was exposed by a previous commit that altered the execution path of refill skbs(). The vulnerability involves a potential TOCTOU (Time-of-Check to Time-of-Use) issue when checking the pool length and queuing a new SKB, but this is considered harmless as an extra SKB in the pool will eventually be used. The function refill skbs() is central to this issue.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.