CVE-2025-38017
In the Linux kernel, the following vulnerability has been resolved:
fs/eventpoll: fix endless busy loop after timeout has expired
After commit 0a65bc27bd64 ("eventpoll: Set epoll timeout if it's in the future"), the following program would immediately enter a busy loop in the kernel:
int main() {
int e = epoll_create1(0);
struct epoll_event event = {.events = EPOLLIN};
epoll_ctl(e, EPOLL_CTL_ADD, 0, &event);
const struct timespec timeout = {.tv_nsec = 1};
epoll_pwait2(e, &event, 1, &timeout, 0);
}
This happens because the given (non-zero) timeout of 1 nanosecond
usually expires before ep_poll() is entered and then
ep_schedule_timeout() returns false, but timed_out is never set
because the code line that sets it is skipped. This quickly turns
into a soft lockup, RCU stalls and deadlocks, inflicting severe
headaches to the whole system.
When the timeout has expired, we don't need to schedule a hrtimer, but
we should set the timed_out variable. Therefore, I suggest moving
the ep_schedule_timeout() check into the timed_out expression
instead of skipping it.
brauner: Note that there was an earlier fix by Joe Damato in response to my bug report in [1].
| Software | From | Fixed in |
|---|---|---|
| linux / linux_kernel | 6.14.4 | 6.14.8 |
| linux / linux_kernel | 6.15-rc3 | 6.15-rc3.x |
| linux / linux_kernel | 6.15-rc4 | 6.15-rc4.x |
| linux / linux_kernel | 6.15-rc5 | 6.15-rc5.x |
| linux / linux_kernel | 6.15-rc6 | 6.15-rc6.x |
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime