5.5
CVE-2026-46165
- EPSS 0.1%
- Veröffentlicht 28.05.2026 09:36:20
- Zuletzt bearbeitet 10.06.2026 21:14:22
- Quelle 416baaa9-dc9f-4396-8d5f-8c081f
- CVE-Watchlists
- Unerledigt
openvswitch: vport: fix self-deadlock on release of tunnel ports
In the Linux kernel, the following vulnerability has been resolved: openvswitch: vport: fix self-deadlock on release of tunnel ports vports are used concurrently and protected by RCU, so netdev_put() must happen after the RCU grace period. So, either in an RCU call or after the synchronize_net(). The rtnl_delete_link() must happen under RTNL and so can't be executed in RCU context. Calling synchronize_net() while holding RTNL is not a good idea for performance and system stability under load in general, so calling netdev_put() in RCU call is the right solution here. However, when the device is deleted, rtnl_unlock() will call netdev_run_todo() and block until all the references are gone. In the current code this means that we never reach the call_rcu() and the vport is never freed and the reference is never released, causing a self-deadlock on device removal. Fix that by moving the rcu_call() before the rtnl_unlock(), so the scheduled RCU callback will be executed when synchronize_net() is called from the rtnl_unlock()->netdev_run_todo() while the RTNL itself is already released.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 6.1.168 < 6.1.175
Linux ≫ Linux Kernel Version >= 6.6.131 < 6.6.140
Linux ≫ Linux Kernel Version >= 6.12.80 < 6.12.88
Linux ≫ Linux Kernel Version >= 6.18.21 < 6.18.30
Linux ≫ Linux Kernel Version >= 6.19.11 < 7.0
Linux ≫ Linux Kernel Version >= 7.0.1 < 7.0.7
Linux ≫ Linux Kernel Version7.0 Update-
Linux ≫ Linux Kernel Version7.0 Updaterc6
Linux ≫ Linux Kernel Version7.0 Updaterc7
Linux ≫ Linux Kernel Version7.1 Updaterc1
Linux ≫ Linux Kernel Version7.1 Updaterc2
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.1% | 0.01 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
|
CWE-667 Improper Locking
The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.
https://git.kernel.org/stable/c/c741433f6c8dcdecd1d9549d89053761fd1ea413
https://git.kernel.org/stable/c/6522d59fb7de55ce0f0f285d962243ddffebb01f
https://git.kernel.org/stable/c/3df75fff46b1517eb479d8e6b8e3500763715dd0
https://git.kernel.org/stable/c/366c482965c673565ecb8bcfb15d5548f13a6a10
https://git.kernel.org/stable/c/aa69918bd418e700309fdd08509dba324fb24296
https://git.kernel.org/stable/c/8ae6c15fc473c9ad03b0173330cce9a092c76154