{"id":"CVE-2025-39900","summary":"net_sched: gen_estimator: fix est_timer() vs CONFIG_PREEMPT_RT=y","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet_sched: gen_estimator: fix est_timer() vs CONFIG_PREEMPT_RT=y\n\nsyzbot reported a WARNING in est_timer() [1]\n\nProblem here is that with CONFIG_PREEMPT_RT=y, timer callbacks\ncan be preempted.\n\nAdopt preempt_disable_nested()/preempt_enable_nested() to fix this.\n\n[1]\n WARNING: CPU: 0 PID: 16 at ./include/linux/seqlock.h:221 __seqprop_assert include/linux/seqlock.h:221 [inline]\n WARNING: CPU: 0 PID: 16 at ./include/linux/seqlock.h:221 est_timer+0x6dc/0x9f0 net/core/gen_estimator.c:93\nModules linked in:\nCPU: 0 UID: 0 PID: 16 Comm: ktimers/0 Not tainted syzkaller #0 PREEMPT_{RT,(full)}\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025\n RIP: 0010:__seqprop_assert include/linux/seqlock.h:221 [inline]\n RIP: 0010:est_timer+0x6dc/0x9f0 net/core/gen_estimator.c:93\nCall Trace:\n \u003cTASK\u003e\n  call_timer_fn+0x17e/0x5f0 kernel/time/timer.c:1747\n  expire_timers kernel/time/timer.c:1798 [inline]\n  __run_timers kernel/time/timer.c:2372 [inline]\n  __run_timer_base+0x648/0x970 kernel/time/timer.c:2384\n  run_timer_base kernel/time/timer.c:2393 [inline]\n  run_timer_softirq+0xb7/0x180 kernel/time/timer.c:2403\n  handle_softirqs+0x22c/0x710 kernel/softirq.c:579\n  __do_softirq kernel/softirq.c:613 [inline]\n  run_ktimerd+0xcf/0x190 kernel/softirq.c:1043\n  smpboot_thread_fn+0x53f/0xa60 kernel/smpboot.c:160\n  kthread+0x70e/0x8a0 kernel/kthread.c:463\n  ret_from_fork+0x3fc/0x770 arch/x86/kernel/process.c:148\n  ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245\n \u003c/TASK\u003e","modified":"2026-04-02T12:48:12.104972Z","published":"2025-10-01T07:42:47.785Z","related":["SUSE-SU-2025:21074-1","SUSE-SU-2025:21139-1","SUSE-SU-2025:21179-1","SUSE-SU-2025:4057-1","SUSE-SU-2025:4132-1","SUSE-SU-2025:4141-1","openSUSE-SU-2025:20081-1"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/39xxx/CVE-2025-39900.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/9f74c0ea9b26d1505d55b61e36b1623dd347e1d1"},{"type":"WEB","url":"https://git.kernel.org/stable/c/a22ec2ee824be30803068a52f78f7ffe3bc879fb"},{"type":"WEB","url":"https://git.kernel.org/stable/c/e79923824c48b930609680be04cb29253fc4a17d"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/39xxx/CVE-2025-39900.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-39900"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"d2d6422f8bd17c6bb205133e290625a564194496"},{"fixed":"a22ec2ee824be30803068a52f78f7ffe3bc879fb"},{"fixed":"e79923824c48b930609680be04cb29253fc4a17d"},{"fixed":"9f74c0ea9b26d1505d55b61e36b1623dd347e1d1"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-39900.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}