CVE-2025-37859

{"id": "CVE-2025-37859", "cveTags": [], "metrics": {}, "published": "2025-05-09T07:16:06.960", "references": [{"url": "https://git.kernel.org/stable/c/43130d02baa137033c25297aaae95fd0edc41654", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/7204335d1991c23fc615ab76f31f175748a578e1", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/738d1812ec2e395e953258aea912ddd867d11a13", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/90e089a64504982f8d62f223027cb9f903781f78", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/91522aba56e9fcdf64da25ffef9b27f8fad48e0f", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/95f17738b86fd198924d874a5639bcdc49c7e5b8", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/9f71db4fb82deb889e0bac4a51b34daea7d506a3", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/c3c7c57017ce1d4b2d3788c1fc59e7e39026e158", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/e74e5aa33228c5e2cb4fc80ad103541a7b7805ec", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Awaiting Analysis", "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\npage_pool: avoid infinite loop to schedule delayed worker\n\nWe noticed the kworker in page_pool_release_retry() was waken\nup repeatedly and infinitely in production because of the\nbuggy driver causing the inflight less than 0 and warning\nus in page_pool_inflight()[1].\n\nSince the inflight value goes negative, it means we should\nnot expect the whole page_pool to get back to work normally.\n\nThis patch mitigates the adverse effect by not rescheduling\nthe kworker when detecting the inflight negative in\npage_pool_release_retry().\n\n[1]\n[Mon Feb 10 20:36:11 2025] ------------[ cut here ]------------\n[Mon Feb 10 20:36:11 2025] Negative(-51446) inflight packet-pages\n...\n[Mon Feb 10 20:36:11 2025] Call Trace:\n[Mon Feb 10 20:36:11 2025] page_pool_release_retry+0x23/0x70\n[Mon Feb 10 20:36:11 2025] process_one_work+0x1b1/0x370\n[Mon Feb 10 20:36:11 2025] worker_thread+0x37/0x3a0\n[Mon Feb 10 20:36:11 2025] kthread+0x11a/0x140\n[Mon Feb 10 20:36:11 2025] ? process_one_work+0x370/0x370\n[Mon Feb 10 20:36:11 2025] ? __kthread_cancel_work+0x40/0x40\n[Mon Feb 10 20:36:11 2025] ret_from_fork+0x35/0x40\n[Mon Feb 10 20:36:11 2025] ---[ end trace ebffe800f33e7e34 ]---\nNote: before this patch, the above calltrace would flood the\ndmesg due to repeated reschedule of release_dw kworker."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: page_pool: evitar bucle infinito para programar un trabajador retrasado. Observamos que el kworker en page_pool_release_retry() se reactivaba repetida e infinitamente en producci\u00f3n debido a un controlador defectuoso que causaba un valor inflight menor que 0 y nos advert\u00eda en page_pool_inflight()[1]. Dado que el valor inflight es negativo, no debemos esperar que todo el page_pool vuelva a funcionar con normalidad. Este parche mitiga el efecto adverso al no reprogramar el kworker al detectar un valor inflight negativo en page_pool_release_retry(). [1] [Lun 10 Feb 20:36:11 2025] ------------[ cortar aqu\u00ed ]------------ [Lun 10 Feb 20:36:11 2025] Negativo(-51446) paquetes en vuelo-p\u00e1ginas ... [Lun 10 Feb 20:36:11 2025] Rastreo de llamadas: [Lun 10 Feb 20:36:11 2025] page_pool_release_retry+0x23/0x70 [Lun 10 Feb 20:36:11 2025] process_one_work+0x1b1/0x370 [Lun 10 Feb 20:36:11 2025] workers_thread+0x37/0x3a0 [Lun 10 Feb 20:36:11 2025] kthread+0x11a/0x140 [lun 10 feb 20:36:11 2025] ? process_one_work+0x370/0x370 [lun 10 feb 20:36:11 2025] ? __kthread_cancel_work+0x40/0x40 [lun 10 feb 20:36:11 2025] ret_from_fork+0x35/0x40 [lun 10 feb 20:36:11 2025] ---[ fin del seguimiento ebffe800f33e7e34 ]--- Nota: antes de este parche, el seguimiento de llamadas anterior inundar\u00eda dmesg debido a la reprogramaci\u00f3n repetida de release_dw kworker."}], "lastModified": "2025-05-12T17:32:52.810", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}