CVE-2025-38017: Infinite Loop in Linux

CWE-835: Infinite Loop | 5 documents | 5 sources

Severity: 5.5 MEDIUM (NVD)
EPSS: 0.1% (top 77.94%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jun 18

Description

In the Linux kernel, the following vulnerability has been resolved:

fs/eventpoll: fix endless busy loop after timeout has expired

After commit 0a65bc27bd64 ("eventpoll: Set epoll timeout if it's in the future"), the following program would immediately enter a busy loop in the kernel:

```
int main() {
  int e = epoll_create1(0);
  struct epoll_event event = {.events = EPOLLIN};
  epoll_ctl(e, EPOLL_CTL_ADD, 0, &event);
  const struct timespec timeout = {.tv_nsec = 1};
  epoll_pwait2(e, &event, 1, &timeo
```

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 1.8 | Impact: 3.6

Affected Packages (3 packages)

NVD | linux/linux_kernel | 6.14.4 | 6.14.8 | +1
CVEListV5 | linux/linux | 99a0ad16dfd114a429df665065dcc576dad743c0 | 7631dca012593c95d36199082546a24a0058fc50 | +2
debian | debian/linux

Patches

🔴 Vulnerability Details (2)

GHSA | GHSA-hv9m-xg7c-9q4v: In the Linux kernel, the following vulnerability has been resolved: fs/eventpoll: fix endless busy loop after timeout has expired After commit 0a65b | 2025-06-18
OSV | CVE-2025-38017: In the Linux kernel, the following vulnerability has been resolved: fs/eventpoll: fix endless busy loop after timeout has expired After commit 0a65bc2 | 2025-06-18

📋 Vendor Advisories (2)

Red Hat | kernel: Linux kernel: Denial of Service via endless busy loop in eventpoll | 2025-06-18
Debian | CVE-2025-38017: linux - In the Linux kernel, the following vulnerability has been resolved: fs/eventpol... | 2025
CVE-2025-38017 — Infinite Loop in Linux | cvebase