In the Linux kernel, the following vulnerability has been resolved:
idpf: convert control queue mutex to a spinlock
With VIRTCHNL2_CAP_MACFILTER enabled, the following warning is generated on module load:
[ 324.701677] BUG: sleeping function called from invalid context at kernel/locking/mutex.c:578
[ 324.701684] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 1582, name: NetworkManager
[ 324.701689] preempt_count: 201, expected: 0
[ 324.701693] RCU nest depth: 0, expected: 0
[ 324.701697] 2 locks held by NetworkManager/1582:
[ 324.701702] #0: ffffffff9f7be770 (rtnl_mutex){....}-{3:3}, at: rtnl_newlink+0x791/0x21e0
[ 324.701730] #1: ff1100216c380368 (_xmit_ETHER){....}-{2:2}, at: __dev_open+0x3f0/0x870
[ 324.701749] Preemption disabled at:
[ 324.701752] [<ffffffff9cd23b9d>] __dev_open+0x3dd/0x870
[ 324.701765] CPU: 30 UID: 0 PID: 1582 Comm: NetworkManager Not tainted 6.15.0-rc5+ #2 PREEMPT(voluntary)
[ 324.701771] Hardware name: Intel Corporation M50FCP2SBSTD/M50FCP2SBSTD, BIOS SE5C741.86B.01.01.0001.2211140926 11/14/2022
[ 324.701774] Call Trace:
[ 324.701777] <TASK>
[ 324.701779] dump_stack_lvl+0x5d/0x80
[ 324.701788] ? __dev_open+0x3dd/0x870
[ 324.701793] __might_resched.cold+0x1ef/0x23d
<..>
[ 324.701818] __mutex_lock+0x113/0x1b80
<..>
[ 324.701917] idpf_ctlq_clean_sq+0xad/0x4b0 [idpf]
[ 324.701935] ? kasan_save_track+0x14/0x30
[ 324.701941] idpf_mb_clean+0x143/0x380 [idpf]
<..>
[ 324.701991] idpf_send_mb_msg+0x111/0x720 [idpf]
[ 324.702009] idpf_vc_xn_exec+0x4cc/0x990 [idpf]
[ 324.702021] ? rcu_is_watching+0x12/0xc0
[ 324.702035] idpf_add_del_mac_filters+0x3ed/0xb50 [idpf]
<..>
[ 324.702122] __hw_addr_sync_dev+0x1cf/0x300
[ 324.702126] ? find_held_lock+0x32/0x90
[ 324.702134] idpf_set_rx_mode+0x317/0x390 [idpf]
[ 324.702152] __dev_open+0x3f8/0x870
[ 324.702159] ? __pfx___dev_open+0x10/0x10
[ 324.702174] __dev_change_flags+0x443/0x650
<..>
[ 324.702208] netif_change_flags+0x80/0x160
[ 324.702218] do_setlink.isra.0+0x16a0/0x3960
<..>
[ 324.702349] rtnl_newlink+0x12fd/0x21e0
The sequence is as follows:
rtnl_newlink() ->
__dev_change_flags() ->
__dev_open() ->
dev_set_rx_mode() ->  # disables BH and grabs "dev->addr_list_lock"
idpf_set_rx_mode() ->  # proceed only if VIRTCHNL2_CAP_MACFILTER is ON
__dev_uc_sync() ->
idpf_add_mac_filter ->
idpf_add_del_mac_filters ->
idpf_send_mb_msg() ->
idpf_mb_clean() ->
idpf_ctlq_clean_sq()  # mutex_lock(cq_lock)
Fix by converting cq_lock to a spinlock. All operations under the new lock are safe except freeing the DMA memory, which may use vunmap(). Fix by requesting a contiguous physical memory for the DMA mapping.
[
{
"deprecated": false,
"target": {
"file": "drivers/net/ethernet/intel/idpf/idpf_controlq_api.h"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"179601680007486991217683740352390287374",
"334523940100251141174959902018463767410",
"224403909346760587912690257236641715820",
"333768530195953360038804824543925565820"
]
},
"id": "CVE-2025-38392-19718287",
"signature_type": "Line",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b2beb5bb2cd90d7939e470ed4da468683f41baa3",
"signature_version": "v1"
},
{
"deprecated": false,
"target": {
"file": "drivers/net/ethernet/intel/idpf/idpf_controlq.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"109985697650918452433206668507901310444",
"63955735403997988719749872990197047784",
"338271399173391788015852766094621113358",
"133773013994044699934932982264132366303",
"126678472981641877129405810338802770751",
"244063039772650750934973978069056479752",
"190431842461987534259149740204753287421",
"263278881988705107422622861058873305439",
"216495080940455008949090858010772363522",
"2529495097318646164008372866144393787",
"217870937092837657000637745884758282279",
"263101567733118834771329308216055587431",
"219858548827126088223658472245936124402",
"20619414927331379457142877828494552465",
"322479430409358893163269765576105272603",
"159645424346575941238865853673303851084",
"5662883773080280181365415398339377155",
"97126286963879892281023842676950951385",
"136142485760955599754160155314215469677",
"164673898201018215371529759118105834890",
"200860044913223022349092312577489660924",
"162795541036119908984863531764948105674",
"198542623601546449368716129048076496627",
"53376181506269284752304878531137933279",
"197742342046220435899310084047776846767",
"269776717835586700090775414281638050347",
"46340779459994190258555514925936576245",
"90664494005900186256793151248805855997",
"338033905299176869996613658119237262755",
"163096022176198132022456985181978417466",
"235287038468778494311040558576898302809",
"185146599246665437426979222834412738397",
"82532743603453565559160675248126824484",
"169594639640762994679745889732351254352",
"323039122435663651119003355276133378851",
"250679192641177162954563265862960934224",
"79221665524693977238783412617278818287",
"14536832904123947160738530608952647627",
"316657571755784607754293684129894481539",
"200002325039994430408570039002689759529",
"197742342046220435899310084047776846767",
"134304591008299824083113881590096714346",
"20023141131844710588024572031072978831",
"300380208723353790931876333694549426842"
]
},
"id": "CVE-2025-38392-428256de",
"signature_type": "Line",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b2beb5bb2cd90d7939e470ed4da468683f41baa3",
"signature_version": "v1"
},
{
"deprecated": false,
"target": {
"file": "drivers/net/ethernet/intel/idpf/idpf_lib.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"109381384437981668844385647270695702856",
"325164799305587046791742460332337880711",
"322873371515784422796753112472884853176",
"126208011916029970644924758830648104517",
"335371480507670299073613062564116064454",
"142145582984566007391210699252688598071",
"264381299307341754617009062745831497773",
"43432927059828707130411956254232995384",
"70618822065599186124908225153169241001",
"128959494540584410190473013698899189819"
]
},
"id": "CVE-2025-38392-5a1e99ae",
"signature_type": "Line",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@dc6c3c2c9dfdaa3a3357f59a80a2904677a71a9a",
"signature_version": "v1"
},
{
"deprecated": false,
"target": {
"file": "drivers/net/ethernet/intel/idpf/idpf_lib.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"109381384437981668844385647270695702856",
"325164799305587046791742460332337880711",
"322873371515784422796753112472884853176",
"126208011916029970644924758830648104517",
"335371480507670299073613062564116064454",
"142145582984566007391210699252688598071",
"264381299307341754617009062745831497773",
"43432927059828707130411956254232995384",
"70618822065599186124908225153169241001",
"128959494540584410190473013698899189819"
]
},
"id": "CVE-2025-38392-831b8054",
"signature_type": "Line",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b2beb5bb2cd90d7939e470ed4da468683f41baa3",
"signature_version": "v1"
},
{
"deprecated": false,
"target": {
"file": "drivers/net/ethernet/intel/idpf/idpf_controlq.c",
"function": "idpf_ctlq_shutdown"
},
"digest": {
"length": 215.0,
"function_hash": "188758087718876721705494264479108074580"
},
"id": "CVE-2025-38392-87dc0aa2",
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@dc6c3c2c9dfdaa3a3357f59a80a2904677a71a9a",
"signature_version": "v1"
},
{
"deprecated": false,
"target": {
"file": "drivers/net/ethernet/intel/idpf/idpf_lib.c",
"function": "idpf_free_dma_mem"
},
"digest": {
"length": 221.0,
"function_hash": "333608940237319363733636292851919894226"
},
"id": "CVE-2025-38392-9d9f011f",
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b2beb5bb2cd90d7939e470ed4da468683f41baa3",
"signature_version": "v1"
},
{
"deprecated": false,
"target": {
"file": "drivers/net/ethernet/intel/idpf/idpf_controlq_api.h"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"179601680007486991217683740352390287374",
"334523940100251141174959902018463767410",
"224403909346760587912690257236641715820",
"333768530195953360038804824543925565820"
]
},
"id": "CVE-2025-38392-a964febd",
"signature_type": "Line",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@dc6c3c2c9dfdaa3a3357f59a80a2904677a71a9a",
"signature_version": "v1"
},
{
"deprecated": false,
"target": {
"file": "drivers/net/ethernet/intel/idpf/idpf_controlq.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"109985697650918452433206668507901310444",
"63955735403997988719749872990197047784",
"338271399173391788015852766094621113358",
"133773013994044699934932982264132366303",
"126678472981641877129405810338802770751",
"244063039772650750934973978069056479752",
"190431842461987534259149740204753287421",
"263278881988705107422622861058873305439",
"216495080940455008949090858010772363522",
"2529495097318646164008372866144393787",
"217870937092837657000637745884758282279",
"263101567733118834771329308216055587431",
"219858548827126088223658472245936124402",
"20619414927331379457142877828494552465",
"322479430409358893163269765576105272603",
"159645424346575941238865853673303851084",
"5662883773080280181365415398339377155",
"97126286963879892281023842676950951385",
"136142485760955599754160155314215469677",
"164673898201018215371529759118105834890",
"200860044913223022349092312577489660924",
"162795541036119908984863531764948105674",
"198542623601546449368716129048076496627",
"53376181506269284752304878531137933279",
"197742342046220435899310084047776846767",
"269776717835586700090775414281638050347",
"46340779459994190258555514925936576245",
"90664494005900186256793151248805855997",
"338033905299176869996613658119237262755",
"163096022176198132022456985181978417466",
"235287038468778494311040558576898302809",
"185146599246665437426979222834412738397",
"82532743603453565559160675248126824484",
"169594639640762994679745889732351254352",
"323039122435663651119003355276133378851",
"250679192641177162954563265862960934224",
"79221665524693977238783412617278818287",
"14536832904123947160738530608952647627",
"316657571755784607754293684129894481539",
"200002325039994430408570039002689759529",
"197742342046220435899310084047776846767",
"134304591008299824083113881590096714346",
"20023141131844710588024572031072978831",
"300380208723353790931876333694549426842"
]
},
"id": "CVE-2025-38392-b863739f",
"signature_type": "Line",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@dc6c3c2c9dfdaa3a3357f59a80a2904677a71a9a",
"signature_version": "v1"
},
{
"deprecated": false,
"target": {
"file": "drivers/net/ethernet/intel/idpf/idpf_controlq.c",
"function": "idpf_ctlq_shutdown"
},
"digest": {
"length": 215.0,
"function_hash": "188758087718876721705494264479108074580"
},
"id": "CVE-2025-38392-bbcb1137",
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b2beb5bb2cd90d7939e470ed4da468683f41baa3",
"signature_version": "v1"
},
{
"deprecated": false,
"target": {
"file": "drivers/net/ethernet/intel/idpf/idpf_lib.c",
"function": "idpf_alloc_dma_mem"
},
"digest": {
"length": 267.0,
"function_hash": "326960663063000010700163059537577474279"
},
"id": "CVE-2025-38392-d98088e5",
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b2beb5bb2cd90d7939e470ed4da468683f41baa3",
"signature_version": "v1"
},
{
"deprecated": false,
"target": {
"file": "drivers/net/ethernet/intel/idpf/idpf_lib.c",
"function": "idpf_alloc_dma_mem"
},
"digest": {
"length": 267.0,
"function_hash": "326960663063000010700163059537577474279"
},
"id": "CVE-2025-38392-db2dc077",
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@dc6c3c2c9dfdaa3a3357f59a80a2904677a71a9a",
"signature_version": "v1"
},
{
"deprecated": false,
"target": {
"file": "drivers/net/ethernet/intel/idpf/idpf_lib.c",
"function": "idpf_free_dma_mem"
},
"digest": {
"length": 221.0,
"function_hash": "333608940237319363733636292851919894226"
},
"id": "CVE-2025-38392-fa9d2367",
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@dc6c3c2c9dfdaa3a3357f59a80a2904677a71a9a",
"signature_version": "v1"
}
]