CVE-2025-37940: 
Linux Kernel vulnerability analysis and mitigation

CVE-2025-37940 was disclosed on May 20, 2025, affecting the Linux kernel. The vulnerability involves a performance issue in the ftrace functionality, specifically within the ftrace_graph_set_hash() function. When the kernel contains a large number of functions that can be traced, the loop in this function may take excessive time to execute, potentially triggering the kernel's softlockup watchdog (NVD, Wiz).

The vulnerability exists in the ftrace_graph_set_hash() function of the Linux kernel's ftrace subsystem. The issue stems from missing cond_resched() calls within the loop, which are necessary to maintain kernel responsiveness during lengthy operations. The vulnerability has been assigned a CVSS 3.1 base score of 5.5 with vector AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (Wiz).

The vulnerability can cause the kernel to become unresponsive when processing a large number of traceable functions, potentially affecting system stability and performance. This could lead to system monitoring tools detecting a softlock condition (Wiz).

The vulnerability has been resolved by adding cond_resched() within the loop in ftrace_graph_set_hash(). This modification allows the kernel to remain responsive even when processing a large number of functions. The fix matches similar cond_resched() implementations used in other code locations that iterate over traceable functions (NVD).