CVE-2025-38614

Updated:

Description:

In the Linux kernel, the following vulnerability has been resolved: eventpoll: Fix semi-unbounded recursion Ensure that epoll instances can never form a graph deeper than EP_MAX_NESTS+1 links. Currently, ep_loop_check_proc() ensures that the graph is loop-free and does some recursion depth checks, but those recursion depth checks don't limit the depth of the resulting tree for two reasons: - They don't look upwards in the tree. - If there are multiple downwards paths of different lengths, only one of the paths is actually considered for the depth check since commit 28d82dc1c4ed ("epoll: limit paths"). Essentially, the current recursion depth check in ep_loop_check_proc() just serves to prevent it from recursing too deeply while checking for loops. A more thorough check is done in reverse_path_check() after the new graph edge has already been created; this checks, among other things, that no paths going upwards from any non-epoll file with a length of more than 5 edges exist. However, this check does not apply to non-epoll files. As a result, it is possible to recurse to a depth of at least roughly 500, tested on v6.15. (I am unsure if deeper recursion is possible; and this may have changed with commit 8c44dac8add7 ("eventpoll: Fix priority inversion problem").) To fix it: 1. In ep_loop_check_proc(), note the subtree depth of each visited node, and use subtree depths for the total depth calculation even when a subtree has already been visited. 2. Add ep_get_upwards_depth_proc() for similarly determining the maximum depth of an upwards walk. 3. In ep_loop_check(), use these values to limit the total path length between epoll nodes to EP_MAX_NESTS edges.

CVSS3: 7.3

Vendor State

OS	Vendor version	Errata
Ubuntu 22.04	5.15.0-163.173	USN-7909-1
Ubuntu 22.04 AWS	5.15.0-1097.104	USN-7909-1
RHEL 9	5.14.0-570.52.1.el9_6	RHSA-2025:17760
Oracle Linux 9	5.14.0-570.52.1.0.1.el9_6	ELSA-2025-17760
Rocky Linux 9	5.14.0-570.52.1.el9_6	RLSA-2025:17760
AlmaLinux 9	5.14.0-570.52.1.el9_6	ALSA-2025:17760
Oracle Linux 9 UEK 7	5.15.0-314.193.5.3.el9uek	ELSA-2025-25757
Oracle Linux 8 UEK 7	5.15.0-314.193.5.3.el8uek	ELSA-2025-25757
Debian 12	6.1.153-1	DSA-6009-1
Amazon Linux 2023	6.1.150-174.273.amzn2023	ALAS2023-2025-1186
RHEL 10	6.12.0-55.40.1.el10_0	RHSA-2025:18318
AlmaLinux 10	6.12.0-55.40.1.el10_0	ALSA-2025:18318
Oracle Linux 10	6.12.0-124.13.1.el10_1	ELSA-2025-21931
Rocky Linux 10	6.12.0-55.40.1.el10_0	RLSA-2025:18318

KernelCare State

OS	Original kernel version	State
Ubuntu 22.04		Planned
Ubuntu 22.04 AWS		Planned
RHEL 9	5.14.0-362.8.1.el9_3 show all hide all 5.14.0-362.13.1.el9_3 5.14.0-362.18.1.el9_3 5.14.0-362.24.1.el9_3 5.14.0-427.13.1.el9_4 5.14.0-427.16.1.el9_4 5.14.0-427.18.1.el9_4 5.14.0-427.20.1.el9_4 5.14.0-427.22.1.el9_4 5.14.0-427.24.1.el9_4 5.14.0-427.26.1.el9_4 5.14.0-427.28.1.el9_4 5.14.0-427.31.1.el9_4 5.14.0-427.33.1.el9_4 5.14.0-427.35.1.el9_4 5.14.0-427.37.1.el9_4 5.14.0-427.40.1.el9_4 5.14.0-427.42.1.el9_4 5.14.0-503.11.1.el9_5 5.14.0-503.14.1.el9_5 5.14.0-503.15.1.el9_5 5.14.0-503.16.1.el9_5 5.14.0-503.19.1.el9_5 5.14.0-503.21.1.el9_5 5.14.0-503.22.1.el9_5 5.14.0-503.23.1.el9_5 5.14.0-503.23.2.el9_5 5.14.0-503.26.1.el9_5 5.14.0-503.29.1.el9_5 5.14.0-503.31.1.el9_5 5.14.0-503.33.1.el9_5 5.14.0-503.34.1.el9_5 5.14.0-503.35.1.el9_5 5.14.0-503.38.1.el9_5 5.14.0-503.40.1.el9_5 5.14.0-570.12.1.el9_6 5.14.0-570.16.1.el9_6 5.14.0-570.17.1.el9_6 5.14.0-570.18.1.el9_6 5.14.0-570.19.1.el9_6 5.14.0-570.21.1.el9_6 5.14.0-570.22.1.el9_6 5.14.0-570.23.1.el9_6 5.14.0-570.24.1.el9_6 5.14.0-570.25.1.el9_6 5.14.0-570.26.1.el9_6 5.14.0-570.28.1.el9_6 5.14.0-570.30.1.el9_6 5.14.0-570.32.1.el9_6 5.14.0-570.33.2.el9_6 5.14.0-570.35.1.el9_6 5.14.0-570.37.1.el9_6 5.14.0-570.39.1.el9_6 5.14.0-570.41.1.el9_6 5.14.0-570.42.2.el9_6 5.14.0-570.44.1.el9_6 5.14.0-570.46.1.el9_6 5.14.0-570.49.1.el9_6 5.14.0-570.51.1.el9_6	In Rollout
Oracle Linux 9	5.14.0-362.8.1.el9_3 show all hide all 5.14.0-362.13.0.1.el9_3 5.14.0-362.13.1.el9_3 5.14.0-362.18.0.1.el9_3 5.14.0-362.18.0.2.el9_3 5.14.0-362.18.1.el9_3 5.14.0-362.24.1.el9_3 5.14.0-362.24.1.0.1.el9_3 5.14.0-427.13.1.el9_4 5.14.0-427.16.1.el9_4 5.14.0-362.24.1.0.2.el9_3 5.14.0-427.18.1.el9_4 5.14.0-427.20.1.el9_4 5.14.0-427.22.1.el9_4 5.14.0-427.24.1.el9_4 5.14.0-427.26.1.el9_4 5.14.0-427.28.1.el9_4 5.14.0-427.31.1.el9_4 5.14.0-427.33.1.el9_4 5.14.0-427.35.1.el9_4 5.14.0-427.37.1.el9_4 5.14.0-427.40.1.el9_4 5.14.0-427.42.1.el9_4 5.14.0-503.11.1.el9_5 5.14.0-503.14.1.el9_5 5.14.0-503.15.1.el9_5 5.14.0-503.16.1.el9_5 5.14.0-503.19.1.el9_5 5.14.0-503.21.1.el9_5 5.14.0-503.22.1.el9_5 5.14.0-503.23.1.el9_5 5.14.0-503.23.2.el9_5 5.14.0-503.26.1.el9_5 5.14.0-503.31.1.el9_5 5.14.0-503.29.1.el9_5 5.14.0-503.33.1.el9_5 5.14.0-503.34.1.el9_5 5.14.0-503.35.1.el9_5 5.14.0-503.38.1.el9_5 5.14.0-503.40.1.el9_5 5.14.0-570.12.1.0.1.el9_6 5.14.0-570.16.1.0.1.el9_6 5.14.0-570.17.1.0.1.el9_6 5.14.0-570.18.1.0.1.el9_6 5.14.0-570.19.1.0.1.el9_6 5.14.0-570.21.1.0.1.el9_6 5.14.0-570.22.1.0.1.el9_6 5.14.0-570.23.1.0.1.el9_6 5.14.0-570.24.1.0.1.el9_6 5.14.0-570.25.1.0.1.el9_6 5.14.0-570.26.1.0.1.el9_6 5.14.0-570.28.1.0.1.el9_6 5.14.0-570.30.1.0.1.el9_6 5.14.0-570.32.1.0.1.el9_6 5.14.0-570.33.2.0.1.el9_6 5.14.0-570.35.1.0.1.el9_6 5.14.0-570.37.1.0.1.el9_6 5.14.0-570.39.1.0.1.el9_6 5.14.0-570.41.1.0.1.el9_6 5.14.0-570.42.2.0.1.el9_6 5.14.0-570.44.1.0.1.el9_6 5.14.0-570.46.1.0.1.el9_6 5.14.0-570.49.1.0.1.el9_6 5.14.0-570.51.1.0.1.el9_6	In Rollout
Rocky Linux 9	5.14.0-362.8.1.el9_3 show all hide all 5.14.0-362.13.1.el9_3 5.14.0-362.18.1.el9_3 5.14.0-362.24.1.el9_3 5.14.0-362.18.1.el9_3.0.1 5.14.0-427.13.1.el9_4 5.14.0-427.16.1.el9_4 5.14.0-362.24.1.el9_3.0.1 5.14.0-427.18.1.el9_4 5.14.0-427.20.1.el9_4 5.14.0-427.24.1.el9_4 5.14.0-427.26.1.el9_4 5.14.0-427.28.1.el9_4 5.14.0-427.20.1.el9_4.0.1 5.14.0-427.22.1.el9_4 5.14.0-427.31.1.el9_4 5.14.0-427.33.1.el9_4 5.14.0-427.35.1.el9_4 5.14.0-427.37.1.el9_4 5.14.0-427.40.1.el9_4 5.14.0-427.42.1.el9_4 5.14.0-503.14.1.el9_5 5.14.0-503.15.1.el9_5 5.14.0-503.16.1.el9_5 5.14.0-503.19.1.el9_5 5.14.0-503.21.1.el9_5 5.14.0-503.22.1.el9_5 5.14.0-503.23.2.el9_5 5.14.0-503.26.1.el9_5 5.14.0-503.23.1.el9_5 5.14.0-503.31.1.el9_5 5.14.0-503.34.1.el9_5 5.14.0-503.29.1.el9_5 5.14.0-503.35.1.el9_5 5.14.0-503.33.1.el9_5 5.14.0-503.38.1.el9_5 5.14.0-503.40.1.el9_5 5.14.0-570.18.1.el9_6 5.14.0-570.19.1.el9_6 5.14.0-570.21.1.el9_6 5.14.0-570.22.1.el9_6 5.14.0-570.23.1.el9_6 5.14.0-570.25.1.el9_6 5.14.0-570.26.1.el9_6 5.14.0-570.28.1.el9_6 5.14.0-570.30.1.el9_6 5.14.0-570.32.1.el9_6 5.14.0-570.33.2.el9_6 5.14.0-570.37.1.el9_6 5.14.0-570.39.1.el9_6 5.14.0-570.42.2.el9_6 5.14.0-570.49.1.el9_6	In Rollout
AlmaLinux 9	5.14.0-362.8.1.el9_3 show all hide all 5.14.0-362.13.1.el9_3 5.14.0-362.18.1.el9_3 5.14.0-362.24.1.el9_3 5.14.0-427.13.1.el9_4 5.14.0-427.16.1.el9_4 5.14.0-362.24.2.el9_3 5.14.0-427.18.1.el9_4 5.14.0-427.20.1.el9_4 5.14.0-427.24.1.el9_4 5.14.0-427.26.1.el9_4 5.14.0-427.28.1.el9_4 5.14.0-427.22.1.el9_4 5.14.0-427.31.1.el9_4 5.14.0-427.33.1.el9_4 5.14.0-427.35.1.el9_4 5.14.0-427.37.1.el9_4 5.14.0-427.40.1.el9_4 5.14.0-427.42.1.el9_4 5.14.0-503.11.1.el9_5 5.14.0-503.14.1.el9_5 5.14.0-503.15.1.el9_5 5.14.0-503.16.1.el9_5 5.14.0-503.19.1.el9_5 5.14.0-503.21.1.el9_5 5.14.0-503.22.1.el9_5 5.14.0-503.23.2.el9_5 5.14.0-503.26.1.el9_5 5.14.0-503.23.1.el9_5 5.14.0-503.31.1.el9_5 5.14.0-503.34.1.el9_5 5.14.0-503.29.1.el9_5 5.14.0-503.35.1.el9_5 5.14.0-503.33.1.el9_5 5.14.0-503.38.1.el9_5 5.14.0-503.40.1.el9_5 5.14.0-570.12.1.el9_6 5.14.0-570.16.1.el9_6 5.14.0-570.17.1.el9_6 5.14.0-570.18.1.el9_6 5.14.0-570.19.1.el9_6 5.14.0-570.21.1.el9_6 5.14.0-570.22.1.el9_6 5.14.0-570.23.1.el9_6 5.14.0-570.24.1.el9_6 5.14.0-570.25.1.el9_6 5.14.0-570.26.1.el9_6 5.14.0-570.28.1.el9_6 5.14.0-570.30.1.el9_6 5.14.0-570.32.1.el9_6 5.14.0-570.33.2.el9_6 5.14.0-570.35.1.el9_6 5.14.0-570.37.1.el9_6 5.14.0-570.39.1.el9_6 5.14.0-570.41.1.el9_6 5.14.0-570.42.2.el9_6 5.14.0-570.44.1.el9_6 5.14.0-570.46.1.el9_6 5.14.0-570.49.1.el9_6 5.14.0-570.51.1.el9_6	In Rollout
Oracle Linux 9 UEK 7		Planned
Oracle Linux 8 UEK 7		Planned
Debian 12	6.1.38-1 show all hide all 6.1.38-2 6.1.38-4 6.1.52-1 6.1.55-1 6.1.64-1 6.1.66-1 6.1.69-1 6.1.76-1 6.1.27-1 6.1.67-1 6.1.85-1 6.1.90-1 6.1.94-1 6.1.99-1 6.1.106-3 6.1.112-1 6.1.115-1 6.1.119-1 6.1.123-1 6.1.128-1 6.1.124-1 6.1.129-1 6.1.133-1 6.1.135-1 6.1.137-1 6.1.140-1 6.1.139-1 6.1.147-1	Released
Amazon Linux 2023	6.1.79-99.164.amzn2023 show all hide all 6.1.84-99.169.amzn2023 6.1.82-99.168.amzn2023 6.1.90-99.173.amzn2023 6.1.87-99.174.amzn2023 6.1.91-99.172.amzn2023 6.1.97-104.177.amzn2023 6.1.94-99.176.amzn2023 6.1.102-108.177.amzn2023 6.1.106-116.188.amzn2023 6.1.102-111.182.amzn2023 6.1.79-99.167.amzn2023 6.1.92-99.174.amzn2023 6.1.96-102.177.amzn2023 6.1.109-118.189.amzn2023 6.1.112-122.189.amzn2023 6.1.111-120.187.amzn2023 6.1.115-126.197.amzn2023 6.1.119-129.201.amzn2023 6.1.124-134.200.amzn2023 6.1.127-135.201.amzn2023 6.1.128-136.201.amzn2023 6.1.129-138.220.amzn2023 6.1.130-139.222.amzn2023 6.1.131-143.221.amzn2023 6.1.132-147.221.amzn2023 6.1.134-150.224.amzn2023 6.1.112-124.190.amzn2023 6.1.140-154.222.amzn2023 6.1.141-155.222.amzn2023 6.1.134-152.225.amzn2023 6.1.144-170.251.amzn2023 6.1.147-172.266.amzn2023 6.1.148-173.267.amzn2023 6.1.141-165.249.amzn2023 6.1.141-167.250.amzn2023 6.1.147-172.259.amzn2023	Released
RHEL 10	6.12.0-55.27.1.el10_0 show all hide all 6.12.0-55.28.1.el10_0 6.12.0-55.29.1.el10_0 6.12.0-55.30.1.el10_0 6.12.0-55.31.1.el10_0 6.12.0-55.32.1.el10_0 6.12.0-55.33.1.el10_0 6.12.0-55.34.1.el10_0 6.12.0-55.37.1.el10_0 6.12.0-55.38.1.el10_0 6.12.0-55.39.1.el10_0	Released
AlmaLinux 10	6.12.0-55.27.1.el10_0 show all hide all 6.12.0-55.28.1.el10_0 6.12.0-55.29.1.el10_0 6.12.0-55.30.1.el10_0 6.12.0-55.31.1.el10_0 6.12.0-55.32.1.el10_0 6.12.0-55.33.1.el10_0 6.12.0-55.34.1.el10_0 6.12.0-55.37.1.el10_0 6.12.0-55.38.1.el10_0 6.12.0-55.39.1.el10_0	Released
Oracle Linux 10	6.12.0-55.27.1.0.1.el10_0 show all hide all 6.12.0-55.28.1.0.1.el10_0 6.12.0-55.29.1.0.1.el10_0 6.12.0-55.30.1.0.1.el10_0 6.12.0-55.31.1.0.1.el10_0 6.12.0-55.32.1.0.1.el10_0 6.12.0-55.33.1.0.1.el10_0 6.12.0-55.34.1.0.1.el10_0 6.12.0-55.37.1.0.1.el10_0 6.12.0-55.38.1.0.1.el10_0 6.12.0-55.39.1.0.1.el10_0	Released
Rocky Linux 10	6.12.0-55.27.1.el10_0 show all hide all 6.12.0-55.29.1.el10_0 6.12.0-55.30.1.el10_0 6.12.0-55.32.1.el10_0 6.12.0-55.34.1.el10_0 6.12.0-55.37.1.el10_0 6.12.0-55.39.1.el10_0	Released