CVE-2025-38114

Summary

In the Linux kernel, the following vulnerability has been resolved:

e1000: Move cancel_work_sync to avoid deadlock

Previously, e1000_down called cancel_work_sync for the e1000 reset task (via e1000_down_and_stop), which takes RTNL.

As reported by users and syzbot, a deadlock is possible in the following scenario:

CPU 0:

  • RTNL is held
  • e1000_close
  • e1000_down
  • cancel_work_sync (cancel / wait for e1000_reset_task())

CPU 1:

  • process_one_work
  • e1000_reset_task
  • take RTNL

To remedy this, avoid calling cancel_work_sync from e1000_down (e1000_reset_task does nothing if the device is down anyway). Instead, call cancel_work_sync for e1000_reset_task when the device is being removed.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxe400c7444d84b0fd2ebb34e618f83abe05917543 < 1fd4438ddcc4958ed24662d5125114299e19bae4affected
LinuxLinuxe400c7444d84b0fd2ebb34e618f83abe05917543 < b4a8085ceefb7bbb12c2b71c55e71fc946c6929faffected
LinuxLinux6.13affected
LinuxLinux0 < 6.13unaffected
LinuxLinux6.15.3 <= 6.15.*unaffected
LinuxLinux6.16 <= *unaffected

Weaknesses

References