CVE-2025-38048

EPSS 0.02%
Veröffentlicht 18.06.2025 09:33:31
Zuletzt bearbeitet 17.12.2025 18:17:05
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

virtio_ring: Fix data race by tagging event_triggered as racy for KCSAN

syzbot reports a data-race when accessing the event_triggered, here is the
simplified stack when the issue occurred:

==================================================================
BUG: KCSAN: data-race in virtqueue_disable_cb / virtqueue_enable_cb_delayed

write to 0xffff8881025bc452 of 1 bytes by task 3288 on cpu 0:
 virtqueue_enable_cb_delayed+0x42/0x3c0 drivers/virtio/virtio_ring.c:2653
 start_xmit+0x230/0x1310 drivers/net/virtio_net.c:3264
 __netdev_start_xmit include/linux/netdevice.h:5151 [inline]
 netdev_start_xmit include/linux/netdevice.h:5160 [inline]
 xmit_one net/core/dev.c:3800 [inline]

read to 0xffff8881025bc452 of 1 bytes by interrupt on cpu 1:
 virtqueue_disable_cb_split drivers/virtio/virtio_ring.c:880 [inline]
 virtqueue_disable_cb+0x92/0x180 drivers/virtio/virtio_ring.c:2566
 skb_xmit_done+0x5f/0x140 drivers/net/virtio_net.c:777
 vring_interrupt+0x161/0x190 drivers/virtio/virtio_ring.c:2715
 __handle_irq_event_percpu+0x95/0x490 kernel/irq/handle.c:158
 handle_irq_event_percpu kernel/irq/handle.c:193 [inline]

value changed: 0x01 -> 0x00
==================================================================

When the data race occurs, the function virtqueue_enable_cb_delayed() sets
event_triggered to false, and virtqueue_disable_cb_split/packed() reads it
as false due to the race condition. Since event_triggered is an unreliable
hint used for optimization, this should only cause the driver temporarily
suggest that the device not send an interrupt notification when the event
index is used.

Fix this KCSAN reported data-race issue by explicitly tagging the access as
data_racy.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 10

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version < 5.15.185

Linux ≫ Linux Kernel Version >= 5.16 < 6.1.141

Linux ≫ Linux Kernel Version >= 6.2 < 6.6.93

Linux ≫ Linux Kernel Version >= 6.7 < 6.12.31

Linux ≫ Linux Kernel Version >= 6.13 < 6.14.9

Linux ≫ Linux Kernel Version6.15 Updaterc1

Linux ≫ Linux Kernel Version6.15 Updaterc2

Linux ≫ Linux Kernel Version6.15 Updaterc3

Debian ≫ Debian Linux Version11.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.05

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.7	1	3.6	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

https://git.kernel.org/stable/c/02d2d6caee3abc9335cfca35f8eb4492173ae6f2

Patch

https://git.kernel.org/stable/c/b6d6419548286b2b9d2b90df824d3cab797f6ae8

Patch

https://git.kernel.org/stable/c/b49b5132e4c7307599492aee1cdc6d89f7f2a7da

Patch

https://git.kernel.org/stable/c/b730cb109633c455ce8a7cd6934986c6a16d88d8

Patch

https://git.kernel.org/stable/c/4ed8f0e808b3fcc71c5b8be7902d8738ed595b17

Patch

https://git.kernel.org/stable/c/2e2f925fe737576df2373931c95e1a2b66efdfef

Patch