CVE-2025-37859 | THREATINT

Description

In the Linux kernel, the following vulnerability has been resolved: page_pool: avoid infinite loop to schedule delayed worker We noticed the kworker in page_pool_release_retry() was waken up repeatedly and infinitely in production because of the buggy driver causing the inflight less than 0 and warning us in page_pool_inflight()[1]. Since the inflight value goes negative, it means we should not expect the whole page_pool to get back to work normally. This patch mitigates the adverse effect by not rescheduling the kworker when detecting the inflight negative in page_pool_release_retry(). [1] [Mon Feb 10 20:36:11 2025] ------------[ cut here ]------------ [Mon Feb 10 20:36:11 2025] Negative(-51446) inflight packet-pages ... [Mon Feb 10 20:36:11 2025] Call Trace: [Mon Feb 10 20:36:11 2025] page_pool_release_retry+0x23/0x70 [Mon Feb 10 20:36:11 2025] process_one_work+0x1b1/0x370 [Mon Feb 10 20:36:11 2025] worker_thread+0x37/0x3a0 [Mon Feb 10 20:36:11 2025] kthread+0x11a/0x140 [Mon Feb 10 20:36:11 2025] ? process_one_work+0x370/0x370 [Mon Feb 10 20:36:11 2025] ? __kthread_cancel_work+0x40/0x40 [Mon Feb 10 20:36:11 2025] ret_from_fork+0x35/0x40 [Mon Feb 10 20:36:11 2025] ---[ end trace ebffe800f33e7e34 ]--- Note: before this patch, the above calltrace would flood the dmesg due to repeated reschedule of release_dw kworker.

Reserved 2025-04-16 | Published 2025-05-09 | Updated 2025-05-09 | Assigner Linux

Product status

Default status

unaffected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before c3c7c57017ce1d4b2d3788c1fc59e7e39026e158

affected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before 9f71db4fb82deb889e0bac4a51b34daea7d506a3

affected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before 91522aba56e9fcdf64da25ffef9b27f8fad48e0f

affected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before 90e089a64504982f8d62f223027cb9f903781f78

affected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before 95f17738b86fd198924d874a5639bcdc49c7e5b8

affected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before 7204335d1991c23fc615ab76f31f175748a578e1

affected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before e74e5aa33228c5e2cb4fc80ad103541a7b7805ec

affected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before 738d1812ec2e395e953258aea912ddd867d11a13

affected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before 43130d02baa137033c25297aaae95fd0edc41654

affected

Default status

affected

5.4.293

unaffected

5.10.237

unaffected

5.15.181

unaffected

6.1.135

unaffected

6.6.88

unaffected

6.12.24

unaffected

6.13.12

unaffected

6.14.3

unaffected

6.15-rc1

unaffected

References

git.kernel.org/...c/c3c7c57017ce1d4b2d3788c1fc59e7e39026e158

git.kernel.org/...c/9f71db4fb82deb889e0bac4a51b34daea7d506a3

git.kernel.org/...c/91522aba56e9fcdf64da25ffef9b27f8fad48e0f

git.kernel.org/...c/90e089a64504982f8d62f223027cb9f903781f78

git.kernel.org/...c/95f17738b86fd198924d874a5639bcdc49c7e5b8

git.kernel.org/...c/7204335d1991c23fc615ab76f31f175748a578e1

git.kernel.org/...c/e74e5aa33228c5e2cb4fc80ad103541a7b7805ec

git.kernel.org/...c/738d1812ec2e395e953258aea912ddd867d11a13

git.kernel.org/...c/43130d02baa137033c25297aaae95fd0edc41654

cve.org (CVE-2025-37859)

nvd.nist.gov (CVE-2025-37859)

Download JSON