{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-38017","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-04-16T04:51:23.977Z","datePublished":"2025-06-18T09:28:25.790Z","dateUpdated":"2026-05-11T21:19:42.321Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T21:19:42.321Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nfs/eventpoll: fix endless busy loop after timeout has expired\n\nAfter commit 0a65bc27bd64 (\"eventpoll: Set epoll timeout if it's in\nthe future\"), the following program would immediately enter a busy\nloop in the kernel:\n\n```\nint main() {\n  int e = epoll_create1(0);\n  struct epoll_event event = {.events = EPOLLIN};\n  epoll_ctl(e, EPOLL_CTL_ADD, 0, &event);\n  const struct timespec timeout = {.tv_nsec = 1};\n  epoll_pwait2(e, &event, 1, &timeout, 0);\n}\n```\n\nThis happens because the given (non-zero) timeout of 1 nanosecond\nusually expires before ep_poll() is entered and then\nep_schedule_timeout() returns false, but `timed_out` is never set\nbecause the code line that sets it is skipped.  This quickly turns\ninto a soft lockup, RCU stalls and deadlocks, inflicting severe\nheadaches to the whole system.\n\nWhen the timeout has expired, we don't need to schedule a hrtimer, but\nwe should set the `timed_out` variable.  Therefore, I suggest moving\nthe ep_schedule_timeout() check into the `timed_out` expression\ninstead of skipping it.\n\nbrauner: Note that there was an earlier fix by Joe Damato in response to\nmy bug report in [1]."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["fs/eventpoll.c"],"versions":[{"version":"99a0ad16dfd114a429df665065dcc576dad743c0","lessThan":"7631dca012593c95d36199082546a24a0058fc50","status":"affected","versionType":"git"},{"version":"0a65bc27bd645894175c059397b4916e31955fb2","lessThan":"d9ec73301099ec5975505e1c3effbe768bab9490","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["fs/eventpoll.c"],"versions":[{"version":"6.14.4","lessThan":"6.14.8","status":"affected","versionType":"semver"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.14.4","versionEndExcluding":"6.14.8"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/7631dca012593c95d36199082546a24a0058fc50"},{"url":"https://git.kernel.org/stable/c/d9ec73301099ec5975505e1c3effbe768bab9490"}],"title":"fs/eventpoll: fix endless busy loop after timeout has expired","x_generator":{"engine":"bippy-1.2.0"}}}}