4.7

CVE-2025-38617

net/packet: fix a race in packet_set_ring() and packet_notifier()

In the Linux kernel, the following vulnerability has been resolved:

net/packet: fix a race in packet_set_ring() and packet_notifier()

When packet_set_ring() releases po->bind_lock, another thread can
run packet_notifier() and process an NETDEV_UP event.

This race and the fix are both similar to that of commit 15fe076edea7
("net/packet: fix a race in packet_bind() and packet_notifier()").

There too the packet_notifier NETDEV_UP event managed to run while a
po->bind_lock critical section had to be temporarily released. And
the fix was similarly to temporarily set po->num to zero to keep
the socket unhooked until the lock is retaken.

The po->bind_lock in packet_set_ring and packet_notifier precede the
introduction of git history.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 2.6.13 < 5.4.297
LinuxLinux Kernel Version >= 5.5 < 5.10.241
LinuxLinux Kernel Version >= 5.11 < 5.15.190
LinuxLinux Kernel Version >= 5.16 < 6.1.148
LinuxLinux Kernel Version >= 6.2 < 6.6.102
LinuxLinux Kernel Version >= 6.7 < 6.12.42
LinuxLinux Kernel Version >= 6.13 < 6.15.10
LinuxLinux Kernel Version >= 6.16 < 6.16.1
LinuxLinux Kernel Version2.6.12 Update-
LinuxLinux Kernel Version2.6.12 Updaterc2
LinuxLinux Kernel Version2.6.12 Updaterc3
LinuxLinux Kernel Version2.6.12 Updaterc4
LinuxLinux Kernel Version2.6.12 Updaterc5
DebianDebian Linux Version11.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.29% 0.203
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.7 1 3.6
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

https://git.kernel.org/stable/c/7de07705007c7e34995a5599aaab1d23e762d7ca
Patch
https://git.kernel.org/stable/c/88caf46db8239e6471413d28aabaa6b8bd552805
Patch
https://git.kernel.org/stable/c/f2e8fcfd2b1bc754920108b7f2cd75082c5a18df
Patch
https://git.kernel.org/stable/c/e50ccfaca9e3c671cae917dcb994831a859cf588
Patch
https://git.kernel.org/stable/c/f1791fd7b845bea0ce9674fcf2febee7bc87a893
Patch
https://git.kernel.org/stable/c/01d3c8417b9c1b884a8a981a3b886da556512f36
Patch
https://git.kernel.org/stable/c/18f13f2a83eb81be349a9757ba2141ff1da9ad73
Patch
https://git.kernel.org/stable/c/7da733f117533e9b2ebbd530a22ae4028713955c
Patch
https://git.kernel.org/stable/c/ba2257034755ae773722f15f4c3ad1dcdad15ca9
Patch
https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
Third Party Advisory
https://blog.calif.io/p/a-race-within-a-race-exploiting-cve
https://github.com/google/security-research/pull/339