CVE-2025-38720

EPSS 0.02%
Published 04.09.2025 15:33:14
Last modified 05.09.2025 17:47:24
Source 416baaa9-dc9f-4396-8d5f-8c081f
Teams watchlist Login
Open Login

In the Linux kernel, the following vulnerability has been resolved:

net: hibmcge: fix rtnl deadlock issue

Currently, the hibmcge netdev acquires the rtnl_lock in
pci_error_handlers.reset_prepare() and releases it in
pci_error_handlers.reset_done().

However, in the PCI framework:
pci_reset_bus - __pci_reset_slot - pci_slot_save_and_disable_locked -
 pci_dev_save_and_disable - err_handler->reset_prepare(dev);

In pci_slot_save_and_disable_locked():
	list_for_each_entry(dev, &slot->bus->devices, bus_list) {
		if (!dev->slot || dev->slot!= slot)
			continue;
		pci_dev_save_and_disable(dev);
		if (dev->subordinate)
			pci_bus_save_and_disable_locked(dev->subordinate);
	}

This will iterate through all devices under the current bus and execute
err_handler->reset_prepare(), causing two devices of the hibmcge driver
to sequentially request the rtnl_lock, leading to a deadlock.

Since the driver now executes netif_device_detach()
before the reset process, it will not concurrently with
other netdev APIs, so there is no need to hold the rtnl_lock now.

Therefore, this patch removes the rtnl_lock during the reset process and
adjusts the position of HBG_NIC_STATE_RESETTING to ensure
that multiple resets are not executed concurrently.

Affected products Warnungen 0 Metrics 1 CWE 0 References 6

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

VendorLinux

≫

Product Linux

Default Statusunaffected

Version < d85a6346fd6f595c4914205762d0cdf35c004a5e

Version 3f5a61f6d504f55ed1a36cce044d5123d508721f

Status affected

Version < 1343a8994ca7dba78f5dd818e89d68331c21c35d

Version 3f5a61f6d504f55ed1a36cce044d5123d508721f

Status affected

Version < c875503a9b9082928d7d3fc60b5400d16fbfae4e

Version 3f5a61f6d504f55ed1a36cce044d5123d508721f

Status affected

VendorLinux

≫

Product Linux

Default Statusaffected

Version 6.14

Status affected

Version < 6.14

Version 0

Status unaffected

Version <= 6.15.*

Version 6.15.11

Status unaffected

Version <= 6.16.*

Version 6.16.2

Status unaffected

Version <= *

Version 6.17-rc2

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.02%	0.051

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string

https://git.kernel.org/stable/c/d85a6346fd6f595c4914205762d0cdf35c004a5e

https://git.kernel.org/stable/c/1343a8994ca7dba78f5dd818e89d68331c21c35d

https://git.kernel.org/stable/c/c875503a9b9082928d7d3fc60b5400d16fbfae4e

https://nvd.nist.gov/vuln/detail/CVE-2025-38720

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-38720

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-38720

EUVD