{"id":"CVE-2025-38017","summary":"fs/eventpoll: fix endless busy loop after timeout has expired","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nfs/eventpoll: fix endless busy loop after timeout has expired\n\nAfter commit 0a65bc27bd64 (\"eventpoll: Set epoll timeout if it's in\nthe future\"), the following program would immediately enter a busy\nloop in the kernel:\n\n```\nint main() {\n  int e = epoll_create1(0);\n  struct epoll_event event = {.events = EPOLLIN};\n  epoll_ctl(e, EPOLL_CTL_ADD, 0, &event);\n  const struct timespec timeout = {.tv_nsec = 1};\n  epoll_pwait2(e, &event, 1, &timeout, 0);\n}\n```\n\nThis happens because the given (non-zero) timeout of 1 nanosecond\nusually expires before ep_poll() is entered and then\nep_schedule_timeout() returns false, but `timed_out` is never set\nbecause the code line that sets it is skipped.  This quickly turns\ninto a soft lockup, RCU stalls and deadlocks, inflicting severe\nheadaches to the whole system.\n\nWhen the timeout has expired, we don't need to schedule a hrtimer, but\nwe should set the `timed_out` variable.  Therefore, I suggest moving\nthe ep_schedule_timeout() check into the `timed_out` expression\ninstead of skipping it.\n\nbrauner: Note that there was an earlier fix by Joe Damato in response to\nmy bug report in [1].","modified":"2026-04-02T12:47:44.802796Z","published":"2025-06-18T09:28:25.790Z","database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38017.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/7631dca012593c95d36199082546a24a0058fc50"},{"type":"WEB","url":"https://git.kernel.org/stable/c/d9ec73301099ec5975505e1c3effbe768bab9490"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38017.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-38017"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"99a0ad16dfd114a429df665065dcc576dad743c0"},{"fixed":"7631dca012593c95d36199082546a24a0058fc50"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"0a65bc27bd645894175c059397b4916e31955fb2"},{"fixed":"d9ec73301099ec5975505e1c3effbe768bab9490"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-38017.json"}}],"schema_version":"1.7.5"}