CVE-2025-40219

EUVD-2025-201184
In the Linux kernel, the following vulnerability has been resolved:

PCI/IOV: Fix race between SR-IOV enable/disable and hotplug

Commit 05703271c3cd ("PCI/IOV: Add PCI rescan-remove locking when
enabling/disabling SR-IOV") tried to fix a race between the VF removal
inside sriov_del_vfs() and concurrent hot unplug by taking the PCI
rescan/remove lock in sriov_del_vfs(). Similarly the PCI rescan/remove lock
was also taken in sriov_add_vfs() to protect addition of VFs.

This approach however causes deadlock on trying to remove PFs with SR-IOV
enabled because PFs disable SR-IOV during removal and this removal happens
under the PCI rescan/remove lock. So the original fix had to be reverted.

Instead of taking the PCI rescan/remove lock in sriov_add_vfs() and
sriov_del_vfs(), fix the race that occurs with SR-IOV enable and disable vs
hotplug higher up in the callchain by taking the lock in
sriov_numvfs_store() before calling into the driver's sriov_configure()
callback.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
UNKNOWN
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Debian logo
Debian Releases
Debian Product
Codename
linux
bookworm
vulnerable
bookworm (security)
vulnerable
bullseye
vulnerable
bullseye (security)
vulnerable
forky
6.19.11-1
fixed
sid
6.19.13-1
fixed
trixie
vulnerable
trixie (security)
vulnerable
References
https://git.kernel.org/stable/c/1047ca2d816994f31e1475e63e0c0b7825599747
https://git.kernel.org/stable/c/3cddde484471c602bea04e6f384819d336a1ff84
https://git.kernel.org/stable/c/7c37920c96b85ef4255a7acc795e99e63dd38d59
https://git.kernel.org/stable/c/97c18f074ff1c12d016a0753072a3afdfa0b9611
https://git.kernel.org/stable/c/a5338e365c4559d7b4d7356116b0eb95b12e08d5
https://git.kernel.org/stable/c/bea1d373098b22d7142da48750ce5526096425bc
https://git.kernel.org/stable/c/d7673ac466eca37ec3e6b7cc9ccdb06de3304e9b
https://git.kernel.org/stable/c/f3015627b6e9ddf85cfeaf42405b3c194dde2c36