DEBIAN-CVE-2025-39900

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/CVE-2025-39900

Import Source

https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2025-39900.json

JSON Data

https://api.osv.dev/v1/vulns/DEBIAN-CVE-2025-39900

Upstream

CVE-2025-39900

Published

2025-10-01T08:15:32Z

Modified

2025-10-02T09:25:45.855678Z

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved: netsched: genestimator: fix esttimer() vs CONFIGPREEMPTRT=y syzbot reported a WARNING in esttimer() [1] Problem here is that with CONFIGPREEMPTRT=y, timer callbacks can be preempted. Adopt preemptdisablenested()/preemptenablenested() to fix this. [1] WARNING: CPU: 0 PID: 16 at ./include/linux/seqlock.h:221 seqpropassert include/linux/seqlock.h:221 [inline] WARNING: CPU: 0 PID: 16 at ./include/linux/seqlock.h:221 esttimer+0x6dc/0x9f0 net/core/genestimator.c:93 Modules linked in: CPU: 0 UID: 0 PID: 16 Comm: ktimers/0 Not tainted syzkaller #0 PREEMPT{RT,(full)} Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 RIP: 0010:seqpropassert include/linux/seqlock.h:221 [inline] RIP: 0010:esttimer+0x6dc/0x9f0 net/core/genestimator.c:93 Call Trace: <TASK> calltimerfn+0x17e/0x5f0 kernel/time/timer.c:1747 expiretimers kernel/time/timer.c:1798 [inline] _runtimers kernel/time/timer.c:2372 [inline] _runtimerbase+0x648/0x970 kernel/time/timer.c:2384 runtimerbase kernel/time/timer.c:2393 [inline] runtimersoftirq+0xb7/0x180 kernel/time/timer.c:2403 handlesoftirqs+0x22c/0x710 kernel/softirq.c:579 _dosoftirq kernel/softirq.c:613 [inline] runktimerd+0xcf/0x190 kernel/softirq.c:1043 smpbootthreadfn+0x53f/0xa60 kernel/smpboot.c:160 kthread+0x70e/0x8a0 kernel/kthread.c:463 retfromfork+0x3fc/0x770 arch/x86/kernel/process.c:148 retfromforkasm+0x1a/0x30 arch/x86/entry/entry_64.S:245 </TASK>

References

https://security-tracker.debian.org/tracker/CVE-2025-39900

Affected packages

Debian:13 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.12.48-1

Affected versions

6.*

6.12.38-1

6.12.41-1

6.12.43-1~bpo12+1

6.12.43-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:14 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.16.6-1

Affected versions

6.*

6.12.38-1

6.12.41-1

6.12.43-1~bpo12+1

6.12.43-1

6.12.48-1

6.13~rc6-1~exp1

6.13~rc7-1~exp1

6.13.2-1~exp1

6.13.3-1~exp1

6.13.4-1~exp1

6.13.5-1~exp1

6.13.6-1~exp1

6.13.7-1~exp1

6.13.8-1~exp1

6.13.9-1~exp1

6.13.10-1~exp1

6.13.11-1~exp1

6.14.3-1~exp1

6.14.5-1~exp1

6.14.6-1~exp1

6.15~rc7-1~exp1

6.15-1~exp1

6.15.1-1~exp1

6.15.2-1~exp1

6.15.3-1~exp1

6.15.4-1~exp1

6.15.5-1~exp1

6.15.6-1~exp1

6.16~rc7-1~exp1

6.16-1~exp1

6.16.1-1~exp1

6.16.3-1~bpo13+1

6.16.3-1

6.16.5-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}