{"id":"CVE-2025-38727","summary":"netlink: avoid infinite retry looping in netlink_unicast()","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nnetlink: avoid infinite retry looping in netlink_unicast()\n\nnetlink_attachskb() checks for the socket's read memory allocation\nconstraints. Firstly, it has:\n\n  rmem \u003c READ_ONCE(sk-\u003esk_rcvbuf)\n\nto check if the just increased rmem value fits into the socket's receive\nbuffer. If not, it proceeds and tries to wait for the memory under:\n\n  rmem + skb-\u003etruesize \u003e READ_ONCE(sk-\u003esk_rcvbuf)\n\nThe checks don't cover the case when skb-\u003etruesize + sk-\u003esk_rmem_alloc is\nequal to sk-\u003esk_rcvbuf. Thus the function neither successfully accepts\nthese conditions, nor manages to reschedule the task - and is called in\nretry loop for indefinite time which is caught as:\n\n  rcu: INFO: rcu_sched self-detected stall on CPU\n  rcu:     0-....: (25999 ticks this GP) idle=ef2/1/0x4000000000000000 softirq=262269/262269 fqs=6212\n  (t=26000 jiffies g=230833 q=259957)\n  NMI backtrace for cpu 0\n  CPU: 0 PID: 22 Comm: kauditd Not tainted 5.10.240 #68\n  Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.17.0-4.fc42 04/01/2014\n  Call Trace:\n  \u003cIRQ\u003e\n  dump_stack lib/dump_stack.c:120\n  nmi_cpu_backtrace.cold lib/nmi_backtrace.c:105\n  nmi_trigger_cpumask_backtrace lib/nmi_backtrace.c:62\n  rcu_dump_cpu_stacks kernel/rcu/tree_stall.h:335\n  rcu_sched_clock_irq.cold kernel/rcu/tree.c:2590\n  update_process_times kernel/time/timer.c:1953\n  tick_sched_handle kernel/time/tick-sched.c:227\n  tick_sched_timer kernel/time/tick-sched.c:1399\n  __hrtimer_run_queues kernel/time/hrtimer.c:1652\n  hrtimer_interrupt kernel/time/hrtimer.c:1717\n  __sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1113\n  asm_call_irq_on_stack arch/x86/entry/entry_64.S:808\n  \u003c/IRQ\u003e\n\n  netlink_attachskb net/netlink/af_netlink.c:1234\n  netlink_unicast net/netlink/af_netlink.c:1349\n  kauditd_send_queue kernel/audit.c:776\n  kauditd_thread kernel/audit.c:897\n  kthread kernel/kthread.c:328\n  ret_from_fork arch/x86/entry/entry_64.S:304\n\nRestore the original behavior of the check which commit in Fixes\naccidentally missed when restructuring the code.\n\nFound by Linux Verification Center (linuxtesting.org).","modified":"2026-03-20T12:42:59.749160Z","published":"2025-09-04T15:33:25.286Z","related":["MGASA-2025-0234","MGASA-2025-0235","SUSE-SU-2025:03600-1","SUSE-SU-2025:03614-1","SUSE-SU-2025:03634-1","SUSE-SU-2025:20851-1","SUSE-SU-2025:20861-1","SUSE-SU-2025:20870-1","SUSE-SU-2025:20898-1","SUSE-SU-2025:21074-1","SUSE-SU-2025:21139-1","SUSE-SU-2025:21179-1","SUSE-SU-2025:3751-1","SUSE-SU-2025:4057-1","SUSE-SU-2025:4132-1","SUSE-SU-2025:4141-1","openSUSE-SU-2025:20081-1"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38727.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/346c820ef5135cf062fa3473da955ef8c5fb6929"},{"type":"WEB","url":"https://git.kernel.org/stable/c/44ddd7b1ae0b7edb2c832eb16798c827a05e58f0"},{"type":"WEB","url":"https://git.kernel.org/stable/c/47d49fd07f86d1f55ea1083287303d237e9e0922"},{"type":"WEB","url":"https://git.kernel.org/stable/c/6bee383ff83352a693d03efdf27cdd80742f71b2"},{"type":"WEB","url":"https://git.kernel.org/stable/c/759dfc7d04bab1b0b86113f1164dc1fec192b859"},{"type":"WEB","url":"https://git.kernel.org/stable/c/78fcd69d55c5f11d7694c547eca767a1cfd38ec4"},{"type":"WEB","url":"https://git.kernel.org/stable/c/d42b71a34f6b8a2d5c53df81169b03b8d8b5cf4e"},{"type":"WEB","url":"https://git.kernel.org/stable/c/e8edc7de688791a337c068693f22e8d8b869df71"},{"type":"WEB","url":"https://git.kernel.org/stable/c/f324959ad47e62e3cadaffa65d3cff790fb48529"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38727.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-38727"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"9da025150b7c14a8390fc06aea314c0a4011e82c"},{"fixed":"47d49fd07f86d1f55ea1083287303d237e9e0922"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"c4ceaac5c5ba0b992ee1dc88e2a02421549e5c98"},{"fixed":"6bee383ff83352a693d03efdf27cdd80742f71b2"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"fd69af06101090eaa60b3d216ae715f9c0a58e5b"},{"fixed":"f324959ad47e62e3cadaffa65d3cff790fb48529"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"76602d8e13864524382b0687dc32cd8f19164d5a"},{"fixed":"d42b71a34f6b8a2d5c53df81169b03b8d8b5cf4e"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"55baecb9eb90238f60a8350660d6762046ebd3bd"},{"fixed":"346c820ef5135cf062fa3473da955ef8c5fb6929"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"4b8e18af7bea92f8b7fb92d40aeae729209db250"},{"fixed":"44ddd7b1ae0b7edb2c832eb16798c827a05e58f0"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"cd7ff61bfffd7000143c42bbffb85eeb792466d6"},{"fixed":"78fcd69d55c5f11d7694c547eca767a1cfd38ec4"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"ae8f160e7eb24240a2a79fc4c815c6a0d4ee16cc"},{"fixed":"e8edc7de688791a337c068693f22e8d8b869df71"},{"fixed":"759dfc7d04bab1b0b86113f1164dc1fec192b859"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38727.json"}}],"schema_version":"1.7.5"}