CVE-2026-45907

Source
https://cve.org/CVERecord?id=CVE-2026-45907
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-45907.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-45907
Downstream
Published
2026-05-27T12:17:20.424Z
Modified
2026-07-15T01:49:02.023569255Z
Summary
net/mlx5e: Fix deadlocks between devlink and netdev instance locks
Details

In the Linux kernel, the following vulnerability has been resolved:

net/mlx5e: Fix deadlocks between devlink and netdev instance locks

In the mentioned "Fixes" commit, various work tasks triggering devlink health reporter recovery were switched to use netdev_trylock to protect against concurrent tear down of the channels being recovered. But this had the side effect of introducing potential deadlocks because of incorrect lock ordering.

The correct lock order is described by the init flow: probeone -> mlx5initone (acquires devlink lock) -> mlx5initonedevllocked -> mlx5registerdevice -> mlx5rescandriverslocked -...-> mlx5eprobe -> mlx5eprobe -> registernetdev (acquires rtnl lock) -> register_netdevice (acquires netdev lock) => devlink lock -> rtnl lock -> netdev lock.

But in the current recovery flow, the order is wrong: mlx5etxerrcqework (acquires netdev lock) -> mlx5ereportertxerrcqe -> mlx5ehealthreport -> devlinkhealthreport (acquires devlink lock => boom!) -> devlinkhealthreporterrecover -> mlx5etxreporterrecover -> mlx5etxreporterrecoverfromctx -> mlx5etxreportererrcqerecover

The same pattern exists in: mlx5ereporterrxtimeout mlx5ereportertxptpsqunhealthy mlx5ereportertxtimeout

Fix these by moving the netdev_trylock calls from the work handlers lower in the call stack, in the respective recovery functions, where they are actually necessary.

Database specific
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/45xxx/CVE-2026-45907.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
8f7b00307bf14676b7e7f0210110a36aa0ff3e93
Fixed
4329514c61abefe4961541b128c549b017bab5ad
Fixed
63f9d5fb4d8040077df801ca3270e2f02d55e0d9
Fixed
83ac0304a2d77519dae1e54c9713cbe1aedf19c9

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-45907.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.16.0
Fixed
6.18.14
Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
6.19.4

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-45907.json"