VYPR
Medium severity5.5NVD Advisory· Published Sep 11, 2025· Updated May 12, 2026

CVE-2025-39736

CVE-2025-39736

Description

In the Linux kernel, the following vulnerability has been resolved:

mm/kmemleak: avoid deadlock by moving pr_warn() outside kmemleak_lock

When netpoll is enabled, calling pr_warn_once() while holding kmemleak_lock in mem_pool_alloc() can cause a deadlock due to lock inversion with the netconsole subsystem. This occurs because pr_warn_once() may trigger netpoll, which eventually leads to __alloc_skb() and back into kmemleak code, attempting to reacquire kmemleak_lock.

This is the path for the deadlock.

mem_pool_alloc() -> raw_spin_lock_irqsave(&kmemleak_lock, flags); -> pr_warn_once() -> netconsole subsystem -> netpoll -> __alloc_skb -> __create_object -> raw_spin_lock_irqsave(&kmemleak_lock, flags);

Fix this by setting a flag and issuing the pr_warn_once() after kmemleak_lock is released.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

5
  • cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
  • Linux/Kernel4 versions
    cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*+ 3 more
    • cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*range: >=5.4,<5.4.297
    • cpe:2.3:o:linux:linux_kernel:6.17:rc1:*:*:*:*:*:*
    • (no CPE)
    • (no CPE)range: 5.4

Patches

Vulnerability mechanics

References

12

News mentions

1