CVE-2025-40347

EPSS 0.03%
Veröffentlicht 16.12.2025 13:30:21
Zuletzt bearbeitet 18.12.2025 15:08:25
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

net: enetc: fix the deadlock of enetc_mdio_lock

After applying the workaround for err050089, the LS1028A platform
experiences RCU stalls on RT kernel. This issue is caused by the
recursive acquisition of the read lock enetc_mdio_lock. Here list some
of the call stacks identified under the enetc_poll path that may lead to
a deadlock:

enetc_poll
  -> enetc_lock_mdio
  -> enetc_clean_rx_ring OR napi_complete_done
     -> napi_gro_receive
        -> enetc_start_xmit
           -> enetc_lock_mdio
           -> enetc_map_tx_buffs
           -> enetc_unlock_mdio
  -> enetc_unlock_mdio

After enetc_poll acquires the read lock, a higher-priority writer attempts
to acquire the lock, causing preemption. The writer detects that a
read lock is already held and is scheduled out. However, readers under
enetc_poll cannot acquire the read lock again because a writer is already
waiting, leading to a thread hang.

Currently, the deadlock is avoided by adjusting enetc_lock_mdio to prevent
recursive lock acquisition.

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 7

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < 2781ca82ce8cad263d80b617addb727e6a84c9e5

Version 6d36ecdbc4410e61a0e02adc5d3abeee22a8ffd3

Status affected

Version < 1f92f5bd057a4fad9dab6af17963cdd21e5da6ed

Version 6d36ecdbc4410e61a0e02adc5d3abeee22a8ffd3

Status affected

Version < 2e55a49dc3b2a6b23329e4fbbd8a5feb20e220aa

Version 6d36ecdbc4410e61a0e02adc5d3abeee22a8ffd3

Status affected

Version < 50bd33f6b3922a6b760aa30d409cae891cec8fb5

Version 6d36ecdbc4410e61a0e02adc5d3abeee22a8ffd3

Status affected

Version bf9c564716a13dde6a990d3b02c27cd6e39608bf

Status affected

Version ff966263f5f9fdf9740f03fed0762ce73c230a6a

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 5.12

Status affected

Version < 5.12

Version 0

Status unaffected

Version <= 6.6.*

Version 6.6.115

Status unaffected

Version <= 6.12.*

Version 6.12.56

Status unaffected

Version <= 6.17.*

Version 6.17.6

Status unaffected

Version <= *

Version 6.18

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.063

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://git.kernel.org/stable/c/2781ca82ce8cad263d80b617addb727e6a84c9e5

https://git.kernel.org/stable/c/1f92f5bd057a4fad9dab6af17963cdd21e5da6ed

https://git.kernel.org/stable/c/2e55a49dc3b2a6b23329e4fbbd8a5feb20e220aa

https://git.kernel.org/stable/c/50bd33f6b3922a6b760aa30d409cae891cec8fb5

https://nvd.nist.gov/vuln/detail/CVE-2025-40347

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-40347

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-40347

EUVD