Wiz
Vulnerability DatabaseCVE-2025-40163

CVE-2025-40163
Linux Ubuntu vulnerability analysis and mitigation

Overview

A vulnerability in the Linux kernel's scheduler component was discovered and resolved, identified as CVE-2025-40163. The issue involves the dl_server functionality during CPU offline operations, which was reported on November 12, 2025. This vulnerability specifically affects the kernel's deadline scheduler implementation (NVD Database).

Technical details

The vulnerability occurs when the dl_server hrtimer gets enqueued close to CPU offline operations, specifically when kthread_park enqueues a fair task. The issue manifests when the CPU goes offline and drmgr removes it from cpu_present_mask, followed by an hrtimer firing that triggers a kernel warning. The problem was identified in the kernel/sched/cpudeadline.c file at line 219 in the cpudl_set function (NVD Database).

Impact

When triggered, the vulnerability results in kernel warnings during CPU removal operations through drmgr, specifically when executing commands like 'drmgr -c cpu -r -q 1'. This could potentially affect system stability and CPU management operations (NVD Database).

Mitigation and workarounds

The vulnerability has been resolved by implementing a fix that stops the dl_server before the CPU is marked as dead. This solution was implemented in commit 4ae8d9aa9f9d, titled 'sched/deadline: Fix dl_server getting stuck' (NVD Database).

Additional resources

SourceThis report was generated using AI

Related Linux Ubuntu vulnerabilities:

CVE ID

Severity

Score

Technologies

Component name

CISA KEV exploit

Has fix

Published date

CVE-2025-24528HIGH7.1
  • KerberosKerberos
  • crypto-policies
NoYesJan 16, 2026
CVE-2025-24531MEDIUM6.7
  • Linux DebianLinux Debian
  • pam-pkcs11
NoYesJan 16, 2026
CVE-2025-43904MEDIUM4.2
  • Linux DebianLinux Debian
  • slurm_22_05-munge
NoYesJan 16, 2026
CVE-2025-71144N/AN/A
  • Linux DebianLinux Debian
  • linux-azure-fips
NoYesJan 14, 2026
CVE-2025-71143N/AN/A
  • Linux DebianLinux Debian
  • linux-oem-6.14
NoNoJan 14, 2026

Free Vulnerability Assessment

Benchmark your Cloud Security Posture

Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.

Request assessment

Additional Wiz resources

Cloud Vulnerability DB

Cloud Vulnerability DB

A community-led vulnerabilities database

Cloud Threat Landscape

Cloud Threat Landscape

A threat intelligence database

PEACH

PEACH

A tenant isolation framework

Get a personalized demo

Ready to see Wiz in action?

"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management
Get a demo