5.5

CVE-2026-46165

openvswitch: vport: fix self-deadlock on release of tunnel ports

In the Linux kernel, the following vulnerability has been resolved:

openvswitch: vport: fix self-deadlock on release of tunnel ports

vports are used concurrently and protected by RCU, so netdev_put()
must happen after the RCU grace period.  So, either in an RCU call or
after the synchronize_net().  The rtnl_delete_link() must happen under
RTNL and so can't be executed in RCU context.  Calling synchronize_net()
while holding RTNL is not a good idea for performance and system
stability under load in general, so calling netdev_put() in RCU call
is the right solution here.

However,
when the device is deleted, rtnl_unlock() will call netdev_run_todo()
and block until all the references are gone.  In the current code this
means that we never reach the call_rcu() and the vport is never freed
and the reference is never released, causing a self-deadlock on device
removal.

Fix that by moving the rcu_call() before the rtnl_unlock(), so the
scheduled RCU callback will be executed when synchronize_net() is
called from the rtnl_unlock()->netdev_run_todo() while the RTNL itself
is already released.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 6.1.168 < 6.1.175
LinuxLinux Kernel Version >= 6.6.131 < 6.6.140
LinuxLinux Kernel Version >= 6.12.80 < 6.12.88
LinuxLinux Kernel Version >= 6.18.21 < 6.18.30
LinuxLinux Kernel Version >= 6.19.11 < 7.0
LinuxLinux Kernel Version >= 7.0.1 < 7.0.7
LinuxLinux Kernel Version7.0 Update-
LinuxLinux Kernel Version7.0 Updaterc6
LinuxLinux Kernel Version7.0 Updaterc7
LinuxLinux Kernel Version7.1 Updaterc1
LinuxLinux Kernel Version7.1 Updaterc2
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.1% 0.01
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-667 Improper Locking

The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.

https://git.kernel.org/stable/c/c741433f6c8dcdecd1d9549d89053761fd1ea413
Patch
https://git.kernel.org/stable/c/6522d59fb7de55ce0f0f285d962243ddffebb01f
Patch
https://git.kernel.org/stable/c/3df75fff46b1517eb479d8e6b8e3500763715dd0
Patch
https://git.kernel.org/stable/c/366c482965c673565ecb8bcfb15d5548f13a6a10
Patch
https://git.kernel.org/stable/c/aa69918bd418e700309fdd08509dba324fb24296
Patch
https://git.kernel.org/stable/c/8ae6c15fc473c9ad03b0173330cce9a092c76154
Patch