U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
  1. Vulnerabilities

CVE-2025-39736 Detail

Description

In the Linux kernel, the following vulnerability has been resolved: mm/kmemleak: avoid deadlock by moving pr_warn() outside kmemleak_lock When netpoll is enabled, calling pr_warn_once() while holding kmemleak_lock in mem_pool_alloc() can cause a deadlock due to lock inversion with the netconsole subsystem. This occurs because pr_warn_once() may trigger netpoll, which eventually leads to __alloc_skb() and back into kmemleak code, attempting to reacquire kmemleak_lock. This is the path for the deadlock. mem_pool_alloc() -> raw_spin_lock_irqsave(&kmemleak_lock, flags); -> pr_warn_once() -> netconsole subsystem -> netpoll -> __alloc_skb -> __create_object -> raw_spin_lock_irqsave(&kmemleak_lock, flags); Fix this by setting a flag and issuing the pr_warn_once() after kmemleak_lock is released.


Metrics

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.
CVSS 4.0 Severity and Vector Strings:

NIST CVSS score
NIST: NVD
N/A
NVD assessment not yet provided.

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

URL Source(s) Tag(s)
https://cert-portal.siemens.com/productcert/html/ssa-032379.html siemens-SADP
https://git.kernel.org/stable/c/08f70be5e406ce47c822f2dd11c1170ca259605b kernel.org Patch 
https://git.kernel.org/stable/c/1da95d3d4b7b1d380ebd87b71a61e7e6aed3265d kernel.org Patch 
https://git.kernel.org/stable/c/47b0f6d8f0d2be4d311a49e13d2fd5f152f492b2 kernel.org Patch 
https://git.kernel.org/stable/c/4b0151e1d468eb2667c37b7af99b3c075072d334 kernel.org Patch 
https://git.kernel.org/stable/c/62879faa8efe8d8a9c7bf7606ee9c068012d7dac kernel.org Patch 
https://git.kernel.org/stable/c/a0854de00ce2ee27edf39037e7836ad580eb3350 kernel.org Patch 
https://git.kernel.org/stable/c/a181b228b37a6a5625dad2bb4265bb7abb673e9f kernel.org Patch 
https://git.kernel.org/stable/c/c7b6ea0ede687e7460e593c5ea478f50aa41682a kernel.org Patch 
https://git.kernel.org/stable/c/f249d32bb54876b4b6c3ae071af8ddca77af390b kernel.org Patch 
https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html CVE Mailing List  Third Party Advisory 
https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html CVE Mailing List  Third Party Advisory 

Weakness Enumeration

CWE-ID CWE Name Source
CWE-667 Improper Locking cwe source acceptance level NIST  

Known Affected Software Configurations Switch to CPE 2.2

CPEs loading, please wait.

Denotes Vulnerable Software
Are we missing a CPE here? Please let us know.

Change History

4 change records found show changes

Quick Info

CVE Dictionary Entry:
CVE-2025-39736
NVD Published Date:
09/11/2025
NVD Last Modified:
05/12/2026
Source:
kernel.org