{"id":"AZL-67172","summary":"CVE-2025-39736 affecting package kernel for versions less than 6.6.104.2-1","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nmm/kmemleak: avoid deadlock by moving pr_warn() outside kmemleak_lock\n\nWhen netpoll is enabled, calling pr_warn_once() while holding\nkmemleak_lock in mem_pool_alloc() can cause a deadlock due to lock\ninversion with the netconsole subsystem.  This occurs because\npr_warn_once() may trigger netpoll, which eventually leads to\n__alloc_skb() and back into kmemleak code, attempting to reacquire\nkmemleak_lock.\n\nThis is the path for the deadlock.\n\nmem_pool_alloc()\n  -\u003e raw_spin_lock_irqsave(&kmemleak_lock, flags);\n      -\u003e pr_warn_once()\n          -\u003e netconsole subsystem\n\t     -\u003e netpoll\n\t         -\u003e __alloc_skb\n\t\t   -\u003e __create_object\n\t\t     -\u003e raw_spin_lock_irqsave(&kmemleak_lock, flags);\n\nFix this by setting a flag and issuing the pr_warn_once() after\nkmemleak_lock is released.","modified":"2026-04-01T05:21:09.236326Z","published":"2025-09-11T17:15:34Z","upstream":["CVE-2025-39736"],"references":[{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-39736"}],"affected":[{"package":{"name":"kernel","ecosystem":"Azure Linux:3","purl":"pkg:rpm/azure-linux/kernel"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"6.6.104.2-1"}]}],"database_specific":{"source":"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-67172.json"}}],"schema_version":"1.7.5"}