CVE-2025-40163

Linux Kernel 6.17-6.17.4 - Denial of Service via CPU Offline Operation

Title source: llm
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: sched/deadline: Stop dl_server before CPU goes offline IBM CI tool reported kernel warning[1] when running a CPU removal operation through drmgr[2]. i.e "drmgr -c cpu -r -q 1" WARNING: CPU: 0 PID: 0 at kernel/sched/cpudeadline.c:219 cpudl_set+0x58/0x170 NIP [c0000000002b6ed8] cpudl_set+0x58/0x170 LR [c0000000002b7cb8] dl_server_timer+0x168/0x2a0 Call Trace: [c000000002c2f8c0] init_stack+0x78c0/0x8000 (unreliable) [c0000000002b7cb8] dl_server_timer+0x168/0x2a0 [c00000000034df84] __hrtimer_run_queues+0x1a4/0x390 [c00000000034f624] hrtimer_interrupt+0x124/0x300 [c00000000002a230] timer_interrupt+0x140/0x320 Git bisects to: commit 4ae8d9aa9f9d ("sched/deadline: Fix dl_server getting stuck") This happens since: - dl_server hrtimer gets enqueued close to cpu offline, when kthread_park enqueues a fair task. - CPU goes offline and drmgr removes it from cpu_present_mask. - hrtimer fires and warning is hit. Fix it by stopping the dl_server before CPU is marked dead. [1]: https://lore.kernel.org/all/[email protected]/ [2]: https://github.com/ibm-power-utilities/powerpc-utils/tree/next/src/drmgr [sshegde: wrote the changelog and tested it]

Scores

EPSS 0.0018
EPSS Percentile 7.7%

Details

Status published
Products (8)
linux/Kernel 6.17.0 - 6.17.5linux
Linux/Linux < 6.17
Linux/Linux 030167dcadf50a9f9dac4de6fa4c34f4f7afeed7 - d7fd56ed5e07e053a5eea6112d61fcaded653b87
Linux/Linux 4ae8d9aa9f9dc7137ea5e564d79c5aa5af1bc45c - ab6c0f158508bb16d483add70b73a73f95651c33
Linux/Linux 4ae8d9aa9f9dc7137ea5e564d79c5aa5af1bc45c - ee6e44dfe6e50b4a5df853d933a96bdff5309e6e
Linux/Linux 6.17
Linux/Linux 6.17.5 - 6.17.*
Linux/Linux 6.18
Published Nov 12, 2025
Tracked Since Feb 18, 2026