CVE-2025-39886 — Linux vulnerability

23 documents7 sources

Severity

5.5MEDIUMNVD

OSV3.2

EPSS

0.0%

top 95.62%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Debian Linux +5 more

Timeline

PublishedSep 23

Latest updateApr 9

Description

In the Linux kernel, the following vulnerability has been resolved: bpf: Tell memcg to use allow_spinning=false path in bpf_timer_init() Currently, calling bpf_map_kmalloc_node() from __bpf_async_init() can cause various locking issues; see the following stack trace (edited for style) as one example: ... [10.011566] do_raw_spin_lock.cold [10.011570] try_to_wake_up (5) double-acquiring the same [10.011575] kick_pool rq_lock, causing a hardlockup [10.011579] __queue_work [10.011582] queue_work_…

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages10 packages

▶NVDlinux/linux_kernel5.15 — 6.6.107+3

▶Debianlinux/linux_kernel< 6.12.48-1+1

▶Ubuntulinux/linux_kernel< 6.8.0-106.106

▶msrcmsrc/azl3_kernel_6.6.96.2-2_on_azure_linux_3.0

▶msrcmsrc/azl3_kernel_6.6.104.2-4_on_azure_linux_3.0

Patches

Patch: git.kernel.org ↗Patch: git.kernel.org ↗Patch: git.kernel.org ↗

🔴Vulnerability Details

OSV

linux-raspi, linux-raspi-realtime vulnerabilities↗2026-04-01

▶

OSV

linux-azure-6.8 vulnerabilities↗2026-03-25

▶

OSV

linux-azure vulnerabilities↗2026-03-25

▶

OSV

linux-aws-6.8 vulnerabilities↗2026-03-23

▶

OSV

linux-realtime, linux-realtime-6.8 vulnerabilities↗2026-03-17

▶

📋Vendor Advisories

Ubuntu

Linux kernel (Azure FIPS) vulnerabilities↗2026-04-09

▶

Ubuntu

Linux kernel (Raspberry Pi) vulnerabilities↗2026-04-01

▶

Ubuntu

Linux kernel (Azure) vulnerabilities↗2026-03-25

▶

Ubuntu

Linux kernel (Azure) vulnerabilities↗2026-03-25

▶

Ubuntu

Linux kernel (AWS) vulnerabilities↗2026-03-23

▶