CVE-2025-38551

16.08.2025, 12:15

In the Linux kernel, the following vulnerability has been resolved:

virtio-net: fix recursived rtnl_lock() during probe()

The deadlock appears in a stack trace like:

  virtnet_probe()
    rtnl_lock()
    virtio_config_changed_work()
      netdev_notify_peers()
        rtnl_lock()

It happens if the VMM sends a VIRTIO_NET_S_ANNOUNCE request while the
virtio-net driver is still probing.

The config_work in probe() will get scheduled until virtnet_open() enables
the config change notification via virtio_config_driver_enable().

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	UNKNOWN				---
Linux	CNA	---				---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: 2%

Debian Releases

Debian Product

Codename

linux

bullseye	5.10.223-1 not-affected
bookworm	6.1.137-1 not-affected
bullseye (security)	5.10.237-1 fixed
bookworm (security)	6.1.147-1 fixed
trixie (security)	6.12.41-1 fixed
forky	vulnerable
sid	vulnerable
trixie	vulnerable

References

https://git.kernel.org/stable/c/3859f137b3c1fa1f0031d54263234566bdcdd7aa

https://git.kernel.org/stable/c/4e7c46362550b229354aeb52038f414e231b0037

https://git.kernel.org/stable/c/be5dcaed694e4255dc02dd0acfe036708c535def