fkie_cve-2025-37859
Vulnerability from fkie_nvd
Published
2025-05-09 07:16
Modified
2025-05-12 17:32
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: page_pool: avoid infinite loop to schedule delayed worker We noticed the kworker in page_pool_release_retry() was waken up repeatedly and infinitely in production because of the buggy driver causing the inflight less than 0 and warning us in page_pool_inflight()[1]. Since the inflight value goes negative, it means we should not expect the whole page_pool to get back to work normally. This patch mitigates the adverse effect by not rescheduling the kworker when detecting the inflight negative in page_pool_release_retry(). [1] [Mon Feb 10 20:36:11 2025] ------------[ cut here ]------------ [Mon Feb 10 20:36:11 2025] Negative(-51446) inflight packet-pages ... [Mon Feb 10 20:36:11 2025] Call Trace: [Mon Feb 10 20:36:11 2025] page_pool_release_retry+0x23/0x70 [Mon Feb 10 20:36:11 2025] process_one_work+0x1b1/0x370 [Mon Feb 10 20:36:11 2025] worker_thread+0x37/0x3a0 [Mon Feb 10 20:36:11 2025] kthread+0x11a/0x140 [Mon Feb 10 20:36:11 2025] ? process_one_work+0x370/0x370 [Mon Feb 10 20:36:11 2025] ? __kthread_cancel_work+0x40/0x40 [Mon Feb 10 20:36:11 2025] ret_from_fork+0x35/0x40 [Mon Feb 10 20:36:11 2025] ---[ end trace ebffe800f33e7e34 ]--- Note: before this patch, the above calltrace would flood the dmesg due to repeated reschedule of release_dw kworker.
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/43130d02baa137033c25297aaae95fd0edc41654
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/7204335d1991c23fc615ab76f31f175748a578e1
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/738d1812ec2e395e953258aea912ddd867d11a13
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/90e089a64504982f8d62f223027cb9f903781f78
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/91522aba56e9fcdf64da25ffef9b27f8fad48e0f
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/95f17738b86fd198924d874a5639bcdc49c7e5b8
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/9f71db4fb82deb889e0bac4a51b34daea7d506a3
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/c3c7c57017ce1d4b2d3788c1fc59e7e39026e158
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/e74e5aa33228c5e2cb4fc80ad103541a7b7805ec
Impacted products
Vendor Product Version


To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\npage_pool: avoid infinite loop to schedule delayed worker\n\nWe noticed the kworker in page_pool_release_retry() was waken\nup repeatedly and infinitely in production because of the\nbuggy driver causing the inflight less than 0 and warning\nus in page_pool_inflight()[1].\n\nSince the inflight value goes negative, it means we should\nnot expect the whole page_pool to get back to work normally.\n\nThis patch mitigates the adverse effect by not rescheduling\nthe kworker when detecting the inflight negative in\npage_pool_release_retry().\n\n[1]\n[Mon Feb 10 20:36:11 2025] ------------[ cut here ]------------\n[Mon Feb 10 20:36:11 2025] Negative(-51446) inflight packet-pages\n...\n[Mon Feb 10 20:36:11 2025] Call Trace:\n[Mon Feb 10 20:36:11 2025]  page_pool_release_retry+0x23/0x70\n[Mon Feb 10 20:36:11 2025]  process_one_work+0x1b1/0x370\n[Mon Feb 10 20:36:11 2025]  worker_thread+0x37/0x3a0\n[Mon Feb 10 20:36:11 2025]  kthread+0x11a/0x140\n[Mon Feb 10 20:36:11 2025]  ? process_one_work+0x370/0x370\n[Mon Feb 10 20:36:11 2025]  ? __kthread_cancel_work+0x40/0x40\n[Mon Feb 10 20:36:11 2025]  ret_from_fork+0x35/0x40\n[Mon Feb 10 20:36:11 2025] ---[ end trace ebffe800f33e7e34 ]---\nNote: before this patch, the above calltrace would flood the\ndmesg due to repeated reschedule of release_dw kworker."
    },
    {
      "lang": "es",
      "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: page_pool: evitar bucle infinito para programar un trabajador retrasado. Observamos que el kworker en page_pool_release_retry() se reactivaba repetida e infinitamente en producci\u00f3n debido a un controlador defectuoso que causaba un valor inflight menor que 0 y nos advert\u00eda en page_pool_inflight()[1]. Dado que el valor inflight es negativo, no debemos esperar que todo el page_pool vuelva a funcionar con normalidad. Este parche mitiga el efecto adverso al no reprogramar el kworker al detectar un valor inflight negativo en page_pool_release_retry(). [1] [Lun 10 Feb 20:36:11 2025] ------------[ cortar aqu\u00ed ]------------ [Lun 10 Feb 20:36:11 2025] Negativo(-51446) paquetes en vuelo-p\u00e1ginas ... [Lun 10 Feb 20:36:11 2025] Rastreo de llamadas: [Lun 10 Feb 20:36:11 2025] page_pool_release_retry+0x23/0x70 [Lun 10 Feb 20:36:11 2025] process_one_work+0x1b1/0x370 [Lun 10 Feb 20:36:11 2025] workers_thread+0x37/0x3a0 [Lun 10 Feb 20:36:11 2025] kthread+0x11a/0x140 [lun 10 feb 20:36:11 2025] ? process_one_work+0x370/0x370 [lun 10 feb 20:36:11 2025] ? __kthread_cancel_work+0x40/0x40 [lun 10 feb 20:36:11 2025] ret_from_fork+0x35/0x40 [lun 10 feb 20:36:11 2025] ---[ fin del seguimiento ebffe800f33e7e34 ]--- Nota: antes de este parche, el seguimiento de llamadas anterior inundar\u00eda dmesg debido a la reprogramaci\u00f3n repetida de release_dw kworker."
    }
  ],
  "id": "CVE-2025-37859",
  "lastModified": "2025-05-12T17:32:52.810",
  "metrics": {},
  "published": "2025-05-09T07:16:06.960",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/43130d02baa137033c25297aaae95fd0edc41654"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/7204335d1991c23fc615ab76f31f175748a578e1"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/738d1812ec2e395e953258aea912ddd867d11a13"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/90e089a64504982f8d62f223027cb9f903781f78"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/91522aba56e9fcdf64da25ffef9b27f8fad48e0f"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/95f17738b86fd198924d874a5639bcdc49c7e5b8"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/9f71db4fb82deb889e0bac4a51b34daea7d506a3"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/c3c7c57017ce1d4b2d3788c1fc59e7e39026e158"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/e74e5aa33228c5e2cb4fc80ad103541a7b7805ec"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Awaiting Analysis"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.