CVE-2025-38311

EPSS 0.03%
Published 10.07.2025 07:42:20
Last modified 10.07.2025 13:17:30
Source 416baaa9-dc9f-4396-8d5f-8c081f
Teams watchlist Login
Open Login

In the Linux kernel, the following vulnerability has been resolved:

iavf: get rid of the crit lock

Get rid of the crit lock.
That frees us from the error prone logic of try_locks.

Thanks to netdev_lock() by Jakub it is now easy, and in most cases we were
protected by it already - replace crit lock by netdev lock when it was not
the case.

Lockdep reports that we should cancel the work under crit_lock [splat1],
and that was the scheme we have mostly followed since [1] by Slawomir.
But when that is done we still got into deadlocks [splat2]. So instead
we should look at the bigger problem, namely "weird locking/scheduling"
of the iavf. The first step to fix that is to remove the crit lock.
I will followup with a -next series that simplifies scheduling/tasks.

Cancel the work without netdev lock (weird unlock+lock scheme),
to fix the [splat2] (which would be totally ugly if we would kept
the crit lock).

Extend protected part of iavf_watchdog_task() to include scheduling
more work.

Note that the removed comment in iavf_reset_task() was misplaced,
it belonged to inside of the removed if condition, so it's gone now.

[splat1] - w/o this patch - The deadlock during VF removal:
     WARNING: possible circular locking dependency detected
     sh/3825 is trying to acquire lock:
      ((work_completion)(&(&adapter->watchdog_task)->work)){+.+.}-{0:0}, at: start_flush_work+0x1a1/0x470
          but task is already holding lock:
      (&adapter->crit_lock){+.+.}-{4:4}, at: iavf_remove+0xd1/0x690 [iavf]
          which lock already depends on the new lock.

[splat2] - when cancelling work under crit lock, w/o this series,
	   see [2] for the band aid attempt
    WARNING: possible circular locking dependency detected
    sh/3550 is trying to acquire lock:
    ((wq_completion)iavf){+.+.}-{0:0}, at: touch_wq_lockdep_map+0x26/0x90
        but task is already holding lock:
    (&dev->lock){+.+.}-{4:4}, at: iavf_remove+0xa6/0x6e0 [iavf]
        which lock already depends on the new lock.

[1] fc2e6b3b132a ("iavf: Rework mutexes for better synchronisation")
[2] https://github.com/pkitszel/linux/commit/52dddbfc2bb60294083f5711a158a

Affected products Warnungen 0 Metrics 1 CWE 0 References 5

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

VendorLinux

≫

Product Linux

Default Statusunaffected

Version < 620ab4d6215de0b25227f9fff1a8c7fb66837cb8

Version d1639a17319ba78a018280cd2df6577a7e5d9fab

Status affected

Version < 120f28a6f314fef7f282c99f196923fe44081cad

Version d1639a17319ba78a018280cd2df6577a7e5d9fab

Status affected

Version 2647ff59c52ef42c853c905817ed1a7f092d59a5

Status affected

Version 63d14a43128540016ebd4f7fa3ad3a2f0d6e642c

Status affected

VendorLinux

≫

Product Linux

Default Statusaffected

Version 6.5

Status affected

Version < 6.5

Version 0

Status unaffected

Version <= 6.15.*

Version 6.15.3

Status unaffected

Version <= *

Version 6.16

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.03%	0.062

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string

https://git.kernel.org/stable/c/620ab4d6215de0b25227f9fff1a8c7fb66837cb8

https://git.kernel.org/stable/c/120f28a6f314fef7f282c99f196923fe44081cad

https://nvd.nist.gov/vuln/detail/CVE-2025-38311

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-38311

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-38311

EUVD