CVE-2025-37920

EUVD-2025-15945

20.05.2025, 16:15

In the Linux kernel, the following vulnerability has been resolved:

xsk: Fix race condition in AF_XDP generic RX path

Move rx_lock from xsk_socket to xsk_buff_pool.
Fix synchronization for shared umem mode in
generic RX path where multiple sockets share
single xsk_buff_pool.

RX queue is exclusive to xsk_socket, while FILL
queue can be shared between multiple sockets.
This could result in race condition where two
CPU cores access RX path of two different sockets
sharing the same umem.

Protect both queues by acquiring spinlock in shared
xsk_buff_pool.

Lock contention may be minimized in the future by some
per-thread FQ buffering.

It's safe and necessary to move spin_lock_bh(rx_lock)
after xsk_rcv_check():
* xs->pool and spinlock_init is synchronized by
  xsk_bind() -> xsk_is_bound() memory barriers.
* xsk_rcv_check() may return true at the moment
  of xsk_release() or xsk_unbind_dev(),
  however this will not cause any data races or
  race conditions. xsk_unbind_dev() removes xdp
  socket from all maps and waits for completion
  of all outstanding rx operations. Packets in
  RX path will either complete safely or drop.

Race Condition

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	4.7 MEDIUM	LOCAL	HIGH	LOW	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 22%

Affected Products (NVD)

Vendor	Product	Version
linux	linux_kernel	5.1.20 ≤ 𝑥 < 5.2
linux	linux_kernel	5.2.3 ≤ 𝑥 < 6.12.28
linux	linux_kernel	6.13 ≤ 𝑥 < 6.14.6
linux	linux_kernel	6.15:rc1
linux	linux_kernel	6.15:rc2
linux	linux_kernel	6.15:rc3
linux	linux_kernel	6.15:rc4

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

linux

bookworm	6.1.170-3 fixed
bookworm (security)	6.1.174-1 fixed
bullseye	vulnerable
bullseye (security)	vulnerable
forky	7.0.9-1 fixed
sid	7.0.10-1 fixed
trixie	6.12.86-1 fixed
trixie (security)	6.12.90-2 fixed

linux-6.1

bullseye (security)

6.1.174-1~deb11u1

fixed

openSUSE / SLES Releases

openSUSE Product

Release

cluster-md-kmp-default

suse enterprise server 12 SP5

4.12.14-122.269.1

fixed

dlm-kmp-default

suse enterprise server 12 SP5

4.12.14-122.269.1

fixed

gfs2-kmp-default

suse enterprise server 12 SP5

4.12.14-122.269.1

fixed

kernel-64kb

suse enterprise desktop 15 SP6	6.4.0-150600.23.65.1 fixed
suse enterprise desktop 15 SP7	6.4.0-150700.53.11.1 fixed
suse enterprise sap 15 SP6	6.4.0-150600.23.65.1 fixed
suse enterprise sap 15 SP7	6.4.0-150700.53.11.1 fixed
suse enterprise server 15 SP6	6.4.0-150600.23.65.1 fixed
suse enterprise server 15 SP7	6.4.0-150700.53.11.1 fixed

kernel-azure

suse enterprise sap 15 SP6	6.4.0-150600.8.48.1 fixed
suse enterprise sap 15 SP7	6.4.0-150700.20.11.1 fixed
suse enterprise server 15 SP6	6.4.0-150600.8.48.1 fixed
suse enterprise server 15 SP7	6.4.0-150700.20.11.1 fixed

kernel-default

suse enterprise desktop 15 SP6	6.4.0-150600.23.65.1 fixed
suse enterprise desktop 15 SP7	6.4.0-150700.53.11.1 fixed
suse enterprise sap 15 SP6	6.4.0-150600.23.65.1 fixed
suse enterprise sap 15 SP7	6.4.0-150700.53.11.1 fixed
suse enterprise server 12 SP5	4.12.14-122.269.1 fixed
suse enterprise server 15 SP6	6.4.0-150600.23.65.1 fixed
suse enterprise server 15 SP7	6.4.0-150700.53.11.1 fixed

kernel-default-base

suse enterprise desktop 15 SP6	6.4.0-150600.23.65.1.150600.12.28.4 fixed
suse enterprise desktop 15 SP7	6.4.0-150700.53.11.1.150700.17.9.4 fixed
suse enterprise sap 15 SP6	6.4.0-150600.23.65.1.150600.12.28.4 fixed
suse enterprise sap 15 SP7	6.4.0-150700.53.11.1.150700.17.9.4 fixed
suse enterprise server 12 SP5	4.12.14-122.269.1 fixed
suse enterprise server 15 SP6	6.4.0-150600.23.65.1.150600.12.28.4 fixed
suse enterprise server 15 SP7	6.4.0-150700.53.11.1.150700.17.9.4 fixed

kernel-default-man

suse enterprise server 12 SP5

4.12.14-122.269.1

fixed

kernel-docs

suse enterprise desktop 15 SP6	6.4.0-150600.23.65.1 fixed
suse enterprise desktop 15 SP7	6.4.0-150700.53.11.3 fixed
suse enterprise sap 15 SP6	6.4.0-150600.23.65.1 fixed
suse enterprise sap 15 SP7	6.4.0-150700.53.11.3 fixed
suse enterprise server 15 SP6	6.4.0-150600.23.65.1 fixed
suse enterprise server 15 SP7	6.4.0-150700.53.11.3 fixed

kernel-macros

suse enterprise desktop 15 SP6	6.4.0-150600.23.65.1 fixed
suse enterprise desktop 15 SP7	6.4.0-150700.53.11.1 fixed
suse enterprise sap 15 SP6	6.4.0-150600.23.65.1 fixed
suse enterprise sap 15 SP7	6.4.0-150700.53.11.1 fixed
suse enterprise server 12 SP5	4.12.14-122.269.1 fixed
suse enterprise server 15 SP6	6.4.0-150600.23.65.1 fixed
suse enterprise server 15 SP7	6.4.0-150700.53.11.1 fixed

kernel-obs-build

suse enterprise desktop 15 SP6	6.4.0-150600.23.65.1 fixed
suse enterprise desktop 15 SP7	6.4.0-150700.53.11.1 fixed
suse enterprise sap 15 SP6	6.4.0-150600.23.65.1 fixed
suse enterprise sap 15 SP7	6.4.0-150700.53.11.1 fixed
suse enterprise server 15 SP6	6.4.0-150600.23.65.1 fixed
suse enterprise server 15 SP7	6.4.0-150700.53.11.1 fixed

kernel-source

suse enterprise desktop 15 SP6	6.4.0-150600.23.65.1 fixed
suse enterprise desktop 15 SP7	6.4.0-150700.53.11.1 fixed
suse enterprise sap 15 SP6	6.4.0-150600.23.65.1 fixed
suse enterprise sap 15 SP7	6.4.0-150700.53.11.1 fixed
suse enterprise server 12 SP5	4.12.14-122.269.1 fixed
suse enterprise server 15 SP6	6.4.0-150600.23.65.1 fixed
suse enterprise server 15 SP7	6.4.0-150700.53.11.1 fixed

kernel-source-azure

suse enterprise sap 15 SP6	6.4.0-150600.8.48.1 fixed
suse enterprise sap 15 SP7	6.4.0-150700.20.11.1 fixed
suse enterprise server 15 SP6	6.4.0-150600.8.48.1 fixed
suse enterprise server 15 SP7	6.4.0-150700.20.11.1 fixed

kernel-syms

suse enterprise desktop 15 SP6	6.4.0-150600.23.65.1 fixed
suse enterprise desktop 15 SP7	6.4.0-150700.53.11.1 fixed
suse enterprise sap 15 SP6	6.4.0-150600.23.65.1 fixed
suse enterprise sap 15 SP7	6.4.0-150700.53.11.1 fixed
suse enterprise server 12 SP5	4.12.14-122.269.1 fixed
suse enterprise server 15 SP6	6.4.0-150600.23.65.1 fixed
suse enterprise server 15 SP7	6.4.0-150700.53.11.1 fixed

kernel-syms-azure

suse enterprise sap 15 SP6	6.4.0-150600.8.48.1 fixed
suse enterprise sap 15 SP7	6.4.0-150700.20.11.1 fixed
suse enterprise server 15 SP6	6.4.0-150600.8.48.1 fixed
suse enterprise server 15 SP7	6.4.0-150700.20.11.1 fixed

kernel-zfcpdump

suse enterprise desktop 15 SP6	6.4.0-150600.23.65.1 fixed
suse enterprise desktop 15 SP7	6.4.0-150700.53.11.1 fixed
suse enterprise sap 15 SP6	6.4.0-150600.23.65.1 fixed
suse enterprise sap 15 SP7	6.4.0-150700.53.11.1 fixed
suse enterprise server 15 SP6	6.4.0-150600.23.65.1 fixed
suse enterprise server 15 SP7	6.4.0-150700.53.11.1 fixed

ocfs2-kmp-default

suse enterprise server 12 SP5

4.12.14-122.269.1

fixed

Common Weakness Enumeration

CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
The program contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.

References

https://git.kernel.org/stable/c/65d3c570614b892257dc58a1b202908242ecf8fd

https://git.kernel.org/stable/c/75a240a3e8abf17b9e00b0ef0492b1bbaa932251

https://git.kernel.org/stable/c/975b372313dc018b9bd6cc0d85d188787054b19e

https://git.kernel.org/stable/c/a1356ac7749cafc4e27aa62c0c4604b5dca4983e

https://git.kernel.org/stable/c/b6978c565ce33658543c637060852434b4248d30