Linux Kernel up to 6.17-rc4 slub set_track_prepare allocation of resources

CVSS Meta Temp Score
CVSS is a standardized scoring system to determine possibilities of attacks. The Temp Score considers temporal factors like disclosure, exploit and countermeasures. The unique Meta Score calculates the average score of different sources to provide a normalized scoring system.
Current Exploit Price (≈)
Our analysts are monitoring exploit markets and are in contact with vulnerability brokers. The range indicates the observed or calculated exploit price to be seen on exploit markets. A good indicator to understand the monetary effort required for and the popularity of an attack.
CTI Interest Score
Our Cyber Threat Intelligence team is monitoring different web sites, mailing lists, exploit markets and social media networks. The CTI Interest Score identifies the interest of attackers and the security community for this specific vulnerability in real-time. A high score indicates an elevated risk to be targeted for this vulnerability.
4.9$0-$5k0.00

Summaryinfo

A vulnerability marked as critical has been reported in Linux Kernel up to 6.1.150/6.6.104/6.12.45/6.16.5/6.17-rc4. This issue affects the function set_track_prepare of the component slub. This manipulation causes allocation of resources. This vulnerability is handled as CVE-2025-39843. There is not any exploit available. It is suggested to upgrade the affected component.

Detailsinfo

A vulnerability has been found in Linux Kernel up to 6.1.150/6.6.104/6.12.45/6.16.5/6.17-rc4 and classified as critical. Affected by this vulnerability is the function set_track_prepare of the component slub. The manipulation with an unknown input leads to a allocation of resources vulnerability. The CWE definition for the vulnerability is CWE-770. The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor. The impact remains unknown. The summary by CVE is:

In the Linux kernel, the following vulnerability has been resolved: mm: slub: avoid wake up kswapd in set_track_prepare set_track_prepare() can incur lock recursion. The issue is that it is called from hrtimer_start_range_ns holding the per_cpu(hrtimer_bases)[n].lock, but when enabled CONFIG_DEBUG_OBJECTS_TIMERS, may wake up kswapd in set_track_prepare, and try to hold the per_cpu(hrtimer_bases)[n].lock. Avoid deadlock caused by implicitly waking up kswapd by passing in allocation flags, which do not contain __GFP_KSWAPD_RECLAIM in the debug_objects_fill_pool() case. Inside stack depot they are processed by gfp_nested_mask(). Since ___slab_alloc() has preemption disabled, we mask out __GFP_DIRECT_RECLAIM from the flags there. The oops looks something like: BUG: spinlock recursion on CPU#3, swapper/3/0 lock: 0xffffff8a4bf29c80, .magic: dead4ead, .owner: swapper/3/0, .owner_cpu: 3 Hardware name: Qualcomm Technologies, Inc. Popsicle based on SM8850 (DT) Call trace: spin_bug+0x0 _raw_spin_lock_irqsave+0x80 hrtimer_try_to_cancel+0x94 task_contending+0x10c enqueue_dl_entity+0x2a4 dl_server_start+0x74 enqueue_task_fair+0x568 enqueue_task+0xac do_activate_task+0x14c ttwu_do_activate+0xcc try_to_wake_up+0x6c8 default_wake_function+0x20 autoremove_wake_function+0x1c __wake_up+0xac wakeup_kswapd+0x19c wake_all_kswapds+0x78 __alloc_pages_slowpath+0x1ac __alloc_pages_noprof+0x298 stack_depot_save_flags+0x6b0 stack_depot_save+0x14 set_track_prepare+0x5c ___slab_alloc+0xccc __kmalloc_cache_noprof+0x470 __set_page_owner+0x2bc post_alloc_hook[jt]+0x1b8 prep_new_page+0x28 get_page_from_freelist+0x1edc __alloc_pages_noprof+0x13c alloc_slab_page+0x244 allocate_slab+0x7c ___slab_alloc+0x8e8 kmem_cache_alloc_noprof+0x450 debug_objects_fill_pool+0x22c debug_object_activate+0x40 enqueue_hrtimer[jt]+0xdc hrtimer_start_range_ns+0x5f8 ...

The advisory is shared at git.kernel.org. This vulnerability is known as CVE-2025-39843 since 04/16/2025. The exploitation appears to be difficult. Technical details are known, but no exploit is available.

The vulnerability scanner Nessus provides a plugin with the ID 265483 (Linux Distros Unpatched Vulnerability : CVE-2025-39843), which helps to determine the existence of the flaw in a target environment.

Upgrading to version 6.1.151, 6.6.105, 6.12.46, 6.16.6 or 6.17-rc5 eliminates this vulnerability. Applying the patch 994b03b9605d36d814c611385fbf90ca6db20aa8/522ffe298627cfe72539d72167c2e20e72b5e856/243b705a90ed8449f561a271cf251fd2e939f3db/eb3240ffd243bfb8b1e9dc568d484ecf9fd660ab/850470a8413a8a78e772c4f6bd9fe81ec6bd5b0f is able to eliminate this problem. The bugfix is ready for download at git.kernel.org. The best possible mitigation is suggested to be upgrading to the latest version.

The vulnerability is also documented in the databases at Tenable (265483) and CERT Bund (WID-SEC-2025-2099). If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Affected

  • Debian Linux
  • Amazon Linux 2
  • Red Hat Enterprise Linux
  • Ubuntu Linux
  • SUSE Linux
  • Oracle Linux
  • IBM QRadar SIEM
  • SUSE openSUSE
  • RESF Rocky Linux
  • Open Source Linux Kernel
  • Dell Secure Connect Gateway

Productinfo

Type

Vendor

Name

Version

License

Website

CPE 2.3info

CPE 2.2info

CVSSv4info

VulDB Vector: 🔒
VulDB Reliability: 🔍

CVSSv3info

VulDB Meta Base Score: 5.0
VulDB Meta Temp Score: 4.9

VulDB Base Score: 4.6
VulDB Temp Score: 4.4
VulDB Vector: 🔒
VulDB Reliability: 🔍

NVD Base Score: 5.5
NVD Vector: 🔒

CVSSv2info

AVACAuCIA
💳💳💳💳💳💳
💳💳💳💳💳💳
💳💳💳💳💳💳
VectorComplexityAuthenticationConfidentialityIntegrityAvailability
UnlockUnlockUnlockUnlockUnlockUnlock
UnlockUnlockUnlockUnlockUnlockUnlock
UnlockUnlockUnlockUnlockUnlockUnlock

VulDB Base Score: 🔒
VulDB Temp Score: 🔒
VulDB Reliability: 🔍

Exploitinginfo

Class: Allocation of resources
CWE: CWE-770 / CWE-400 / CWE-404
CAPEC: 🔒
ATT&CK: 🔒

Physical: Partially
Local: Yes
Remote: Partially

Availability: 🔒
Status: Not defined

EPSS Score: 🔒
EPSS Percentile: 🔒

Price Prediction: 🔍
Current Price Estimation: 🔒

0-DayUnlockUnlockUnlockUnlock
TodayUnlockUnlockUnlockUnlock

Nessus ID: 265483
Nessus Name: Linux Distros Unpatched Vulnerability : CVE-2025-39843

Threat Intelligenceinfo

Interest: 🔍
Active Actors: 🔍
Active APT Groups: 🔍

Countermeasuresinfo

Recommended: Upgrade
Status: 🔍

0-Day Time: 🔒

Upgrade: Kernel 6.1.151/6.6.105/6.12.46/6.16.6/6.17-rc5
Patch: 994b03b9605d36d814c611385fbf90ca6db20aa8/522ffe298627cfe72539d72167c2e20e72b5e856/243b705a90ed8449f561a271cf251fd2e939f3db/eb3240ffd243bfb8b1e9dc568d484ecf9fd660ab/850470a8413a8a78e772c4f6bd9fe81ec6bd5b0f

Timelineinfo

04/16/2025 CVE reserved
09/19/2025 +156 days Advisory disclosed
09/19/2025 +0 days VulDB entry created
01/20/2026 +123 days VulDB entry last update

Sourcesinfo

Vendor: kernel.org

Advisory: git.kernel.org
Status: Confirmed

CVE: CVE-2025-39843 (🔒)
GCVE (CVE): GCVE-0-2025-39843
GCVE (VulDB): GCVE-100-325021
CERT Bund: WID-SEC-2025-2099 - Linux Kernel: Mehrere Schwachstellen

Entryinfo

Created: 09/19/2025 18:09
Updated: 01/20/2026 16:55
Changes: 09/19/2025 18:09 (59), 09/22/2025 18:08 (2), 10/20/2025 20:11 (7), 11/03/2025 12:45 (1), 11/12/2025 04:15 (1), 11/29/2025 06:03 (1), 12/22/2025 10:25 (1), 01/20/2026 16:55 (11)
Complete: 🔍
Cache ID: 216::103

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Discussion

No comments yet. Languages: en.

Please log in to comment.

PreviousOverviewNext

Do you want to use VulDB in your project?

Use the official API to access entries easily!