CVE-2025-39782

MEDIUM EPSS 1.9%
Published Sep 11, 20259mo ago · Modified Jun 17, 20262w ago
5.5 CVSS 3.1
Medium
Find Similar
Published Sep 11, 2025 9mo ago
Last Modified Jun 17, 2026 2w ago

Description

In the Linux kernel, the following vulnerability has been resolved: jbd2: prevent softlockup in jbd2_log_do_checkpoint() Both jbd2_log_do_checkpoint() and jbd2_journal_shrink_checkpoint_list() periodically release j_list_lock after processing a batch of buffers to avoid long hold times on the j_list_lock. However, since both functions contend for j_list_lock, the combined time spent waiting and processing can be significant. jbd2_journal_shrink_checkpoint_list() explicitly calls cond_resched() when need_resched() is true to avoid softlockups during prolonged operations. But jbd2_log_do_checkpoint() only exits its loop when need_resched() is true, relying on potentially sleeping functions like __flush_batch() or wait_on_buffer() to trigger rescheduling. If those functions do not sleep, the kernel may hit a softlockup. watchdog: BUG: soft lockup - CPU#3 stuck for 156s! [kworker/u129:2:373] CPU: 3 PID: 373 Comm: kworker/u129:2 Kdump: loaded Not tainted 6.6.0+ #10 Hardware name: Huawei TaiShan 2280 /BC11SPCD, BIOS 1.27 06/13/2017 Workqueue: writeback wb_workfn (flush-7:2) pstate: 20000005 (nzCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : native_queued_spin_lock_slowpath+0x358/0x418 lr : jbd2_log_do_checkpoint+0x31c/0x438 [jbd2] Call trace: native_queued_spin_lock_slowpath+0x358/0x418 jbd2_log_do_checkpoint+0x31c/0x438 [jbd2] __jbd2_log_wait_for_space+0xfc/0x2f8 [jbd2] add_transaction_credits+0x3bc/0x418 [jbd2] start_this_handle+0xf8/0x560 [jbd2] jbd2__journal_start+0x118/0x228 [jbd2] __ext4_journal_start_sb+0x110/0x188 [ext4] ext4_do_writepages+0x3dc/0x740 [ext4] ext4_writepages+0xa4/0x190 [ext4] do_writepages+0x94/0x228 __writeback_single_inode+0x48/0x318 writeback_sb_inodes+0x204/0x590 __writeback_inodes_wb+0x54/0xf8 wb_writeback+0x2cc/0x3d8 wb_do_writeback+0x2e0/0x2f8 wb_workfn+0x80/0x2a8 process_one_work+0x178/0x3e8 worker_thread+0x234/0x3b8 kthread+0xf0/0x108 ret_from_fork+0x10/0x20 So explicitly call cond_resched() in jbd2_log_do_checkpoint() to avoid softlockup.

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
1.9% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-667

Affected Products 10

VendorProductVersionRange
linuxlinux_kernel*≥2.6.16  –  <5.4.297
linuxlinux_kernel*≥5.5  –  <5.10.241
linuxlinux_kernel*≥5.11  –  <5.15.190
linuxlinux_kernel*≥5.16  –  <6.1.149
linuxlinux_kernel*≥6.2  –  <6.6.103
linuxlinux_kernel*≥6.7  –  <6.12.44
linuxlinux_kernel*≥6.13  –  <6.16.4
linuxlinux_kernel6.17any
linuxlinux_kernel6.17any
debiandebian_linux11.0any

References 11

  • cert-portal.siemens.com https://cert-portal.siemens.com/productcert/html/ssa-032379.html
  • git.kernel.org https://git.kernel.org/stable/c/26cb9aad94cb1811d8fae115594cc71fa3d91ab0
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/3faac5e1d14c63260fd1bf789d96bde3ab3d9e54
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/41f40038de62e8306897cf6840791b268996432a
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/429d50cbaff45090d52a1ea850d5de8c14881ee7
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/84ff98c1ea19acd3f9389e4bb6061364e943f85e
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/9d98cf4632258720f18265a058e62fde120c0151
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/f683d611518d30334813eecf9a8c687453e2800e
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/f7ee8fd689e6d534f9fd2494b9266f7998082e65
    Patch
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
    Third Party Advisory
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
    Third Party Advisory

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/26cb9aad94cb1811d8fae115594cc71fa3d91ab0
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/3faac5e1d14c63260fd1bf789d96bde3ab3d9e54
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/41f40038de62e8306897cf6840791b268996432a
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/429d50cbaff45090d52a1ea850d5de8c14881ee7
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/84ff98c1ea19acd3f9389e4bb6061364e943f85e
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/9d98cf4632258720f18265a058e62fde120c0151
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/f683d611518d30334813eecf9a8c687453e2800e
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/f7ee8fd689e6d534f9fd2494b9266f7998082e65
    Patch