{"api_version":"1","generated_at":"2026-05-13T13:33:32+00:00","cve":"CVE-2025-38727","urls":{"html":"https://cve.report/CVE-2025-38727","api":"https://cve.report/api/cve/CVE-2025-38727.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2025-38727","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2025-38727"},"summary":{"title":"netlink: avoid infinite retry looping in netlink_unicast()","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nnetlink: avoid infinite retry looping in netlink_unicast()\n\nnetlink_attachskb() checks for the socket's read memory allocation\nconstraints. Firstly, it has:\n\n  rmem < READ_ONCE(sk->sk_rcvbuf)\n\nto check if the just increased rmem value fits into the socket's receive\nbuffer. If not, it proceeds and tries to wait for the memory under:\n\n  rmem + skb->truesize > READ_ONCE(sk->sk_rcvbuf)\n\nThe checks don't cover the case when skb->truesize + sk->sk_rmem_alloc is\nequal to sk->sk_rcvbuf. Thus the function neither successfully accepts\nthese conditions, nor manages to reschedule the task - and is called in\nretry loop for indefinite time which is caught as:\n\n  rcu: INFO: rcu_sched self-detected stall on CPU\n  rcu:     0-....: (25999 ticks this GP) idle=ef2/1/0x4000000000000000 softirq=262269/262269 fqs=6212\n  (t=26000 jiffies g=230833 q=259957)\n  NMI backtrace for cpu 0\n  CPU: 0 PID: 22 Comm: kauditd Not tainted 5.10.240 #68\n  Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.17.0-4.fc42 04/01/2014\n  Call Trace:\n  <IRQ>\n  dump_stack lib/dump_stack.c:120\n  nmi_cpu_backtrace.cold lib/nmi_backtrace.c:105\n  nmi_trigger_cpumask_backtrace lib/nmi_backtrace.c:62\n  rcu_dump_cpu_stacks kernel/rcu/tree_stall.h:335\n  rcu_sched_clock_irq.cold kernel/rcu/tree.c:2590\n  update_process_times kernel/time/timer.c:1953\n  tick_sched_handle kernel/time/tick-sched.c:227\n  tick_sched_timer kernel/time/tick-sched.c:1399\n  __hrtimer_run_queues kernel/time/hrtimer.c:1652\n  hrtimer_interrupt kernel/time/hrtimer.c:1717\n  __sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1113\n  asm_call_irq_on_stack arch/x86/entry/entry_64.S:808\n  </IRQ>\n\n  netlink_attachskb net/netlink/af_netlink.c:1234\n  netlink_unicast net/netlink/af_netlink.c:1349\n  kauditd_send_queue kernel/audit.c:776\n  kauditd_thread kernel/audit.c:897\n  kthread kernel/kthread.c:328\n  ret_from_fork arch/x86/entry/entry_64.S:304\n\nRestore the original behavior of the check which commit in Fixes\naccidentally missed when restructuring the code.\n\nFound by Linux Verification Center (linuxtesting.org).","state":"PUBLISHED","assigner":"Linux","published_at":"2025-09-04 16:15:42","updated_at":"2026-05-12 13:17:02"},"problem_types":["CWE-835"],"metrics":[{"version":"3.1","source":"nvd@nist.gov","type":"Primary","score":"5.5","severity":"MEDIUM","vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"}}],"references":[{"url":"https://git.kernel.org/stable/c/e8edc7de688791a337c068693f22e8d8b869df71","name":"https://git.kernel.org/stable/c/e8edc7de688791a337c068693f22e8d8b869df71","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html","name":"https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://cert-portal.siemens.com/productcert/html/ssa-082556.html","name":"https://cert-portal.siemens.com/productcert/html/ssa-082556.html","refsource":"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/759dfc7d04bab1b0b86113f1164dc1fec192b859","name":"https://git.kernel.org/stable/c/759dfc7d04bab1b0b86113f1164dc1fec192b859","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/346c820ef5135cf062fa3473da955ef8c5fb6929","name":"https://git.kernel.org/stable/c/346c820ef5135cf062fa3473da955ef8c5fb6929","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/6bee383ff83352a693d03efdf27cdd80742f71b2","name":"https://git.kernel.org/stable/c/6bee383ff83352a693d03efdf27cdd80742f71b2","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/78fcd69d55c5f11d7694c547eca767a1cfd38ec4","name":"https://git.kernel.org/stable/c/78fcd69d55c5f11d7694c547eca767a1cfd38ec4","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/f324959ad47e62e3cadaffa65d3cff790fb48529","name":"https://git.kernel.org/stable/c/f324959ad47e62e3cadaffa65d3cff790fb48529","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://cert-portal.siemens.com/productcert/html/ssa-032379.html","name":"https://cert-portal.siemens.com/productcert/html/ssa-032379.html","refsource":"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/d42b71a34f6b8a2d5c53df81169b03b8d8b5cf4e","name":"https://git.kernel.org/stable/c/d42b71a34f6b8a2d5c53df81169b03b8d8b5cf4e","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/47d49fd07f86d1f55ea1083287303d237e9e0922","name":"https://git.kernel.org/stable/c/47d49fd07f86d1f55ea1083287303d237e9e0922","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html","name":"https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/44ddd7b1ae0b7edb2c832eb16798c827a05e58f0","name":"https://git.kernel.org/stable/c/44ddd7b1ae0b7edb2c832eb16798c827a05e58f0","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2025-38727","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-38727","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 9da025150b7c14a8390fc06aea314c0a4011e82c 47d49fd07f86d1f55ea1083287303d237e9e0922 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected c4ceaac5c5ba0b992ee1dc88e2a02421549e5c98 6bee383ff83352a693d03efdf27cdd80742f71b2 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected fd69af06101090eaa60b3d216ae715f9c0a58e5b f324959ad47e62e3cadaffa65d3cff790fb48529 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 76602d8e13864524382b0687dc32cd8f19164d5a d42b71a34f6b8a2d5c53df81169b03b8d8b5cf4e git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 55baecb9eb90238f60a8350660d6762046ebd3bd 346c820ef5135cf062fa3473da955ef8c5fb6929 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 4b8e18af7bea92f8b7fb92d40aeae729209db250 44ddd7b1ae0b7edb2c832eb16798c827a05e58f0 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected cd7ff61bfffd7000143c42bbffb85eeb792466d6 78fcd69d55c5f11d7694c547eca767a1cfd38ec4 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected ae8f160e7eb24240a2a79fc4c815c6a0d4ee16cc e8edc7de688791a337c068693f22e8d8b869df71 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected ae8f160e7eb24240a2a79fc4c815c6a0d4ee16cc 759dfc7d04bab1b0b86113f1164dc1fec192b859 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 6.16","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.16 semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 5.4.297 5.4.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 5.10.241 5.10.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 5.15.190 5.15.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.1.149 6.1.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.6.103 6.6.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.12.43 6.12.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.15.11 6.15.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.16.2 6.16.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.17 * original_commit_for_fix","platforms":[]},{"source":"ADP","vendor":"Siemens","product":"SIMATIC CN 4100","version":"affected V5.0 custom","platforms":[]},{"source":"ADP","vendor":"Siemens","product":"SIMATIC S7-1500 CPU 1518-4 PN/DP MFP","version":"affected V3.1.5 * custom","platforms":[]},{"source":"ADP","vendor":"Siemens","product":"SIMATIC S7-1500 CPU 1518-4 PN/DP MFP","version":"affected V3.1.5 * custom","platforms":[]},{"source":"ADP","vendor":"Siemens","product":"SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP","version":"affected V3.1.5 * custom","platforms":[]},{"source":"ADP","vendor":"Siemens","product":"SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP","version":"affected V3.1.5 * custom","platforms":[]},{"source":"ADP","vendor":"Siemens","product":"SIPLUS S7-1500 CPU 1518-4 PN/DP MFP","version":"affected V3.1.5 * custom","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2025","cve_id":"38727","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"linux","cpe5":"linux_kernel","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2025-11-03T17:41:56.297Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"url":"https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"},{"url":"https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html"}],"title":"CVE Program Container"},{"affected":[{"defaultStatus":"unknown","product":"SIMATIC CN 4100","vendor":"Siemens","versions":[{"lessThan":"V5.0","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unknown","product":"SIMATIC S7-1500 CPU 1518-4 PN/DP MFP","vendor":"Siemens","versions":[{"lessThan":"*","status":"affected","version":"V3.1.5","versionType":"custom"}]},{"defaultStatus":"unknown","product":"SIMATIC S7-1500 CPU 1518-4 PN/DP MFP","vendor":"Siemens","versions":[{"lessThan":"*","status":"affected","version":"V3.1.5","versionType":"custom"}]},{"defaultStatus":"unknown","product":"SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP","vendor":"Siemens","versions":[{"lessThan":"*","status":"affected","version":"V3.1.5","versionType":"custom"}]},{"defaultStatus":"unknown","product":"SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP","vendor":"Siemens","versions":[{"lessThan":"*","status":"affected","version":"V3.1.5","versionType":"custom"}]},{"defaultStatus":"unknown","product":"SIPLUS S7-1500 CPU 1518-4 PN/DP MFP","vendor":"Siemens","versions":[{"lessThan":"*","status":"affected","version":"V3.1.5","versionType":"custom"}]}],"providerMetadata":{"dateUpdated":"2026-05-12T12:05:56.721Z","orgId":"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e","shortName":"siemens-SADP"},"references":[{"url":"https://cert-portal.siemens.com/productcert/html/ssa-082556.html"},{"url":"https://cert-portal.siemens.com/productcert/html/ssa-032379.html"}],"x_adpType":"supplier"}],"cna":{"affected":[{"defaultStatus":"unaffected","product":"Linux","programFiles":["net/netlink/af_netlink.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","vendor":"Linux","versions":[{"lessThan":"47d49fd07f86d1f55ea1083287303d237e9e0922","status":"affected","version":"9da025150b7c14a8390fc06aea314c0a4011e82c","versionType":"git"},{"lessThan":"6bee383ff83352a693d03efdf27cdd80742f71b2","status":"affected","version":"c4ceaac5c5ba0b992ee1dc88e2a02421549e5c98","versionType":"git"},{"lessThan":"f324959ad47e62e3cadaffa65d3cff790fb48529","status":"affected","version":"fd69af06101090eaa60b3d216ae715f9c0a58e5b","versionType":"git"},{"lessThan":"d42b71a34f6b8a2d5c53df81169b03b8d8b5cf4e","status":"affected","version":"76602d8e13864524382b0687dc32cd8f19164d5a","versionType":"git"},{"lessThan":"346c820ef5135cf062fa3473da955ef8c5fb6929","status":"affected","version":"55baecb9eb90238f60a8350660d6762046ebd3bd","versionType":"git"},{"lessThan":"44ddd7b1ae0b7edb2c832eb16798c827a05e58f0","status":"affected","version":"4b8e18af7bea92f8b7fb92d40aeae729209db250","versionType":"git"},{"lessThan":"78fcd69d55c5f11d7694c547eca767a1cfd38ec4","status":"affected","version":"cd7ff61bfffd7000143c42bbffb85eeb792466d6","versionType":"git"},{"lessThan":"e8edc7de688791a337c068693f22e8d8b869df71","status":"affected","version":"ae8f160e7eb24240a2a79fc4c815c6a0d4ee16cc","versionType":"git"},{"lessThan":"759dfc7d04bab1b0b86113f1164dc1fec192b859","status":"affected","version":"ae8f160e7eb24240a2a79fc4c815c6a0d4ee16cc","versionType":"git"}]},{"defaultStatus":"affected","product":"Linux","programFiles":["net/netlink/af_netlink.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","vendor":"Linux","versions":[{"status":"affected","version":"6.16"},{"lessThan":"6.16","status":"unaffected","version":"0","versionType":"semver"},{"lessThanOrEqual":"5.4.*","status":"unaffected","version":"5.4.297","versionType":"semver"},{"lessThanOrEqual":"5.10.*","status":"unaffected","version":"5.10.241","versionType":"semver"},{"lessThanOrEqual":"5.15.*","status":"unaffected","version":"5.15.190","versionType":"semver"},{"lessThanOrEqual":"6.1.*","status":"unaffected","version":"6.1.149","versionType":"semver"},{"lessThanOrEqual":"6.6.*","status":"unaffected","version":"6.6.103","versionType":"semver"},{"lessThanOrEqual":"6.12.*","status":"unaffected","version":"6.12.43","versionType":"semver"},{"lessThanOrEqual":"6.15.*","status":"unaffected","version":"6.15.11","versionType":"semver"},{"lessThanOrEqual":"6.16.*","status":"unaffected","version":"6.16.2","versionType":"semver"},{"lessThanOrEqual":"*","status":"unaffected","version":"6.17","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"cpeMatch":[{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"5.4.297","versionStartIncluding":"5.4.296","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"5.10.241","versionStartIncluding":"5.10.240","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"5.15.190","versionStartIncluding":"5.15.189","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.1.149","versionStartIncluding":"6.1.146","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.6.103","versionStartIncluding":"6.6.99","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.12.43","versionStartIncluding":"6.12.39","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.15.11","versionStartIncluding":"6.15.7","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.16.2","versionStartIncluding":"6.16","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.17","versionStartIncluding":"6.16","vulnerable":true}],"negate":false,"operator":"OR"}]}],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnetlink: avoid infinite retry looping in netlink_unicast()\n\nnetlink_attachskb() checks for the socket's read memory allocation\nconstraints. Firstly, it has:\n\n  rmem < READ_ONCE(sk->sk_rcvbuf)\n\nto check if the just increased rmem value fits into the socket's receive\nbuffer. If not, it proceeds and tries to wait for the memory under:\n\n  rmem + skb->truesize > READ_ONCE(sk->sk_rcvbuf)\n\nThe checks don't cover the case when skb->truesize + sk->sk_rmem_alloc is\nequal to sk->sk_rcvbuf. Thus the function neither successfully accepts\nthese conditions, nor manages to reschedule the task - and is called in\nretry loop for indefinite time which is caught as:\n\n  rcu: INFO: rcu_sched self-detected stall on CPU\n  rcu:     0-....: (25999 ticks this GP) idle=ef2/1/0x4000000000000000 softirq=262269/262269 fqs=6212\n  (t=26000 jiffies g=230833 q=259957)\n  NMI backtrace for cpu 0\n  CPU: 0 PID: 22 Comm: kauditd Not tainted 5.10.240 #68\n  Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.17.0-4.fc42 04/01/2014\n  Call Trace:\n  <IRQ>\n  dump_stack lib/dump_stack.c:120\n  nmi_cpu_backtrace.cold lib/nmi_backtrace.c:105\n  nmi_trigger_cpumask_backtrace lib/nmi_backtrace.c:62\n  rcu_dump_cpu_stacks kernel/rcu/tree_stall.h:335\n  rcu_sched_clock_irq.cold kernel/rcu/tree.c:2590\n  update_process_times kernel/time/timer.c:1953\n  tick_sched_handle kernel/time/tick-sched.c:227\n  tick_sched_timer kernel/time/tick-sched.c:1399\n  __hrtimer_run_queues kernel/time/hrtimer.c:1652\n  hrtimer_interrupt kernel/time/hrtimer.c:1717\n  __sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1113\n  asm_call_irq_on_stack arch/x86/entry/entry_64.S:808\n  </IRQ>\n\n  netlink_attachskb net/netlink/af_netlink.c:1234\n  netlink_unicast net/netlink/af_netlink.c:1349\n  kauditd_send_queue kernel/audit.c:776\n  kauditd_thread kernel/audit.c:897\n  kthread kernel/kthread.c:328\n  ret_from_fork arch/x86/entry/entry_64.S:304\n\nRestore the original behavior of the check which commit in Fixes\naccidentally missed when restructuring the code.\n\nFound by Linux Verification Center (linuxtesting.org)."}],"providerMetadata":{"dateUpdated":"2026-05-11T21:33:49.004Z","orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux"},"references":[{"url":"https://git.kernel.org/stable/c/47d49fd07f86d1f55ea1083287303d237e9e0922"},{"url":"https://git.kernel.org/stable/c/6bee383ff83352a693d03efdf27cdd80742f71b2"},{"url":"https://git.kernel.org/stable/c/f324959ad47e62e3cadaffa65d3cff790fb48529"},{"url":"https://git.kernel.org/stable/c/d42b71a34f6b8a2d5c53df81169b03b8d8b5cf4e"},{"url":"https://git.kernel.org/stable/c/346c820ef5135cf062fa3473da955ef8c5fb6929"},{"url":"https://git.kernel.org/stable/c/44ddd7b1ae0b7edb2c832eb16798c827a05e58f0"},{"url":"https://git.kernel.org/stable/c/78fcd69d55c5f11d7694c547eca767a1cfd38ec4"},{"url":"https://git.kernel.org/stable/c/e8edc7de688791a337c068693f22e8d8b869df71"},{"url":"https://git.kernel.org/stable/c/759dfc7d04bab1b0b86113f1164dc1fec192b859"}],"title":"netlink: avoid infinite retry looping in netlink_unicast()","x_generator":{"engine":"bippy-1.2.0"}}},"cveMetadata":{"assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","assignerShortName":"Linux","cveId":"CVE-2025-38727","datePublished":"2025-09-04T15:33:25.286Z","dateReserved":"2025-04-16T04:51:24.033Z","dateUpdated":"2026-05-12T12:05:56.721Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2025-09-04 16:15:42","lastModifiedDate":"2026-05-12 13:17:02","problem_types":["CWE-835"],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.1.146","versionEndExcluding":"6.1.149","matchCriteriaId":"81B2A3AB-7EDD-4A86-A6DE-578C92109750"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.6.99","versionEndExcluding":"6.6.103","matchCriteriaId":"BB7770EC-6722-4972-A31B-8A3FF8093654"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.12.39","versionEndExcluding":"6.12.43","matchCriteriaId":"66C90F36-657B-4AEE-9904-2AF95EA7920F"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.15.7","versionEndExcluding":"6.15.11","matchCriteriaId":"B61C948D-1EE2-4D6F-AA21-5EB6E3C263F9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.16.1","versionEndExcluding":"6.16.2","matchCriteriaId":"3D18D370-ABE4-48A4-A953-C7A2D7BE7210"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:5.4.296:*:*:*:*:*:*:*","matchCriteriaId":"0EAAD549-C67B-41DE-B9BC-9DD6C63698A2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:5.10.240:*:*:*:*:*:*:*","matchCriteriaId":"1A07714F-7EC7-40FD-BD62-410EE6619A10"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:5.15.189:*:*:*:*:*:*:*","matchCriteriaId":"37B96E15-5206-4222-8214-8DCDF74FEC5C"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.16:-:*:*:*:*:*:*","matchCriteriaId":"6238B17D-C12B-458F-A138-97039BFC4595"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.16:rc6:*:*:*:*:*:*","matchCriteriaId":"3827F0D4-5FEE-4181-B267-5A45E7CA11FC"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.16:rc7:*:*:*:*:*:*","matchCriteriaId":"7A9C2DE5-43B8-4D73-BDB5-EA55C7671A52"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*","matchCriteriaId":"FA6FEEC2-9F11-4643-8827-749718254FED"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2025","CveId":"38727","Ordinal":"1","Title":"netlink: avoid infinite retry looping in netlink_unicast()","CVE":"CVE-2025-38727","Year":"2025"},"notes":[{"CveYear":"2025","CveId":"38727","Ordinal":"1","NoteData":"In the Linux kernel, the following vulnerability has been resolved:\n\nnetlink: avoid infinite retry looping in netlink_unicast()\n\nnetlink_attachskb() checks for the socket's read memory allocation\nconstraints. Firstly, it has:\n\n  rmem < READ_ONCE(sk->sk_rcvbuf)\n\nto check if the just increased rmem value fits into the socket's receive\nbuffer. If not, it proceeds and tries to wait for the memory under:\n\n  rmem + skb->truesize > READ_ONCE(sk->sk_rcvbuf)\n\nThe checks don't cover the case when skb->truesize + sk->sk_rmem_alloc is\nequal to sk->sk_rcvbuf. Thus the function neither successfully accepts\nthese conditions, nor manages to reschedule the task - and is called in\nretry loop for indefinite time which is caught as:\n\n  rcu: INFO: rcu_sched self-detected stall on CPU\n  rcu:     0-....: (25999 ticks this GP) idle=ef2/1/0x4000000000000000 softirq=262269/262269 fqs=6212\n  (t=26000 jiffies g=230833 q=259957)\n  NMI backtrace for cpu 0\n  CPU: 0 PID: 22 Comm: kauditd Not tainted 5.10.240 #68\n  Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.17.0-4.fc42 04/01/2014\n  Call Trace:\n  <IRQ>\n  dump_stack lib/dump_stack.c:120\n  nmi_cpu_backtrace.cold lib/nmi_backtrace.c:105\n  nmi_trigger_cpumask_backtrace lib/nmi_backtrace.c:62\n  rcu_dump_cpu_stacks kernel/rcu/tree_stall.h:335\n  rcu_sched_clock_irq.cold kernel/rcu/tree.c:2590\n  update_process_times kernel/time/timer.c:1953\n  tick_sched_handle kernel/time/tick-sched.c:227\n  tick_sched_timer kernel/time/tick-sched.c:1399\n  __hrtimer_run_queues kernel/time/hrtimer.c:1652\n  hrtimer_interrupt kernel/time/hrtimer.c:1717\n  __sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1113\n  asm_call_irq_on_stack arch/x86/entry/entry_64.S:808\n  </IRQ>\n\n  netlink_attachskb net/netlink/af_netlink.c:1234\n  netlink_unicast net/netlink/af_netlink.c:1349\n  kauditd_send_queue kernel/audit.c:776\n  kauditd_thread kernel/audit.c:897\n  kthread kernel/kthread.c:328\n  ret_from_fork arch/x86/entry/entry_64.S:304\n\nRestore the original behavior of the check which commit in Fixes\naccidentally missed when restructuring the code.\n\nFound by Linux Verification Center (linuxtesting.org).","Type":"Description","Title":"netlink: avoid infinite retry looping in netlink_unicast()"}]}}}