{
  "affected": [
    {
      "ranges": [
        {
          "events": [
            {
              "introduced": "99a0ad16dfd114a429df665065dcc576dad743c0"
            },
            {
              "fixed": "7631dca012593c95d36199082546a24a0058fc50"
            }
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "type": "GIT"
        },
        {
          "events": [
            {
              "introduced": "0a65bc27bd645894175c059397b4916e31955fb2"
            },
            {
              "fixed": "d9ec73301099ec5975505e1c3effbe768bab9490"
            }
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "type": "GIT"
        }
      ]
    }
  ],
  "database_specific": {
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38017.json"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/eventpoll: fix endless busy loop after timeout has expired\n\nAfter commit 0a65bc27bd64 (\"eventpoll: Set epoll timeout if it's in\nthe future\"), the following program would immediately enter a busy\nloop in the kernel:\n\n```\nint main() {\n  int e = epoll_create1(0);\n  struct epoll_event event = {.events = EPOLLIN};\n  epoll_ctl(e, EPOLL_CTL_ADD, 0, \u0026event);\n  const struct timespec timeout = {.tv_nsec = 1};\n  epoll_pwait2(e, \u0026event, 1, \u0026timeout, 0);\n}\n```\n\nThis happens because the given (non-zero) timeout of 1 nanosecond\nusually expires before ep_poll() is entered and then\nep_schedule_timeout() returns false, but `timed_out` is never set\nbecause the code line that sets it is skipped.  This quickly turns\ninto a soft lockup, RCU stalls and deadlocks, inflicting severe\nheadaches to the whole system.\n\nWhen the timeout has expired, we don't need to schedule a hrtimer, but\nwe should set the `timed_out` variable.  Therefore, I suggest moving\nthe ep_schedule_timeout() check into the `timed_out` expression\ninstead of skipping it.\n\nbrauner: Note that there was an earlier fix by Joe Damato in response to\nmy bug report in [1].",
  "id": "CVE-2025-38017",
  "modified": "2026-04-01T23:09:00.616355988Z",
  "published": "2025-06-18T09:28:25.790Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7631dca012593c95d36199082546a24a0058fc50"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d9ec73301099ec5975505e1c3effbe768bab9490"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38017.json"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-38017"
    },
    {
      "type": "PACKAGE",
      "url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"
    }
  ],
  "schema_version": "1.7.3",
  "summary": "fs/eventpoll: fix endless busy loop after timeout has expired"
}