CVE-2025-38551

16.08.2025, 12:15

In the Linux kernel, the following vulnerability has been resolved:

virtio-net: fix recursived rtnl_lock() during probe()

The deadlock appears in a stack trace like:

  virtnet_probe()
    rtnl_lock()
    virtio_config_changed_work()
      netdev_notify_peers()
        rtnl_lock()

It happens if the VMM sends a VIRTIO_NET_S_ANNOUNCE request while the
virtio-net driver is still probing.

The config_work in probe() will get scheduled until virtnet_open() enables
the config change notification via virtio_config_driver_enable().

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	5.5 MEDIUM	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Linux	CNA	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 3%

Vendor	Product	Version
linux	linux_kernel	6.11.2 ≤ 𝑥 < 6.12.40
linux	linux_kernel	6.13 ≤ 𝑥 < 6.15.8
linux	linux_kernel	6.16:rc1
linux	linux_kernel	6.16:rc2
linux	linux_kernel	6.16:rc3
linux	linux_kernel	6.16:rc4
linux	linux_kernel	6.16:rc5
linux	linux_kernel	6.16:rc6

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

linux

bullseye	5.10.223-1 not-affected
bookworm	6.1.148-1 not-affected
bullseye (security)	5.10.247-1 fixed
bookworm (security)	6.1.158-1 fixed
trixie	6.12.57-1 fixed
trixie (security)	6.12.48-1 fixed
forky	6.17.13-1 fixed
sid	6.17.13-1 fixed

Common Weakness Enumeration

CWE-667 - Improper Locking
The software does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.

References

https://git.kernel.org/stable/c/3859f137b3c1fa1f0031d54263234566bdcdd7aa

https://git.kernel.org/stable/c/4e7c46362550b229354aeb52038f414e231b0037

https://git.kernel.org/stable/c/be5dcaed694e4255dc02dd0acfe036708c535def