CVE-2025-38720

Summary

In the Linux kernel, the following vulnerability has been resolved:

net: hibmcge: fix rtnl deadlock issue

Currently, the hibmcge netdev acquires the rtnl_lock in pci_error_handlers.reset_prepare() and releases it in pci_error_handlers.reset_done().

However, in the PCI framework: pci_reset_bus - __pci_reset_slot - pci_slot_save_and_disable_locked - pci_dev_save_and_disable - err_handler->reset_prepare(dev);

In pci_slot_save_and_disable_locked(): list_for_each_entry(dev, &slot->bus->devices, bus_list) { if (!dev->slot || dev->slot!= slot) continue; pci_dev_save_and_disable(dev); if (dev->subordinate) pci_bus_save_and_disable_locked(dev->subordinate); }

This will iterate through all devices under the current bus and execute err_handler->reset_prepare(), causing two devices of the hibmcge driver to sequentially request the rtnl_lock, leading to a deadlock.

Since the driver now executes netif_device_detach() before the reset process, it will not concurrently with other netdev APIs, so there is no need to hold the rtnl_lock now.

Therefore, this patch removes the rtnl_lock during the reset process and adjusts the position of HBG_NIC_STATE_RESETTING to ensure that multiple resets are not executed concurrently.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux3f5a61f6d504f55ed1a36cce044d5123d508721f < d85a6346fd6f595c4914205762d0cdf35c004a5eaffected
LinuxLinux3f5a61f6d504f55ed1a36cce044d5123d508721f < 1343a8994ca7dba78f5dd818e89d68331c21c35daffected
LinuxLinux3f5a61f6d504f55ed1a36cce044d5123d508721f < c875503a9b9082928d7d3fc60b5400d16fbfae4eaffected
LinuxLinux6.14affected
LinuxLinux0 < 6.14unaffected
LinuxLinux6.15.11 <= 6.15.*unaffected
LinuxLinux6.16.2 <= 6.16.*unaffected
LinuxLinux6.17 <= *unaffected

Weaknesses

References