CVE-2025-39831 (GCVE-0-2025-39831)
Vulnerability from cvelistv5
Published
2025-09-16 13:08
Modified
2025-09-16 13:08
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: fbnic: Move phylink resume out of service_task and into open/close The fbnic driver was presenting with the following locking assert coming out of a PM resume: [ 42.208116][ T164] RTNL: assertion failed at drivers/net/phy/phylink.c (2611) [ 42.208492][ T164] WARNING: CPU: 1 PID: 164 at drivers/net/phy/phylink.c:2611 phylink_resume+0x190/0x1e0 [ 42.208872][ T164] Modules linked in: [ 42.209140][ T164] CPU: 1 UID: 0 PID: 164 Comm: bash Not tainted 6.17.0-rc2-virtme #134 PREEMPT(full) [ 42.209496][ T164] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.17.0-5.fc42 04/01/2014 [ 42.209861][ T164] RIP: 0010:phylink_resume+0x190/0x1e0 [ 42.210057][ T164] Code: 83 e5 01 0f 85 b0 fe ff ff c6 05 1c cd 3e 02 01 90 ba 33 0a 00 00 48 c7 c6 20 3a 1d a5 48 c7 c7 e0 3e 1d a5 e8 21 b8 90 fe 90 <0f> 0b 90 90 e9 86 fe ff ff e8 42 ea 1f ff e9 e2 fe ff ff 48 89 ef [ 42.210708][ T164] RSP: 0018:ffffc90000affbd8 EFLAGS: 00010296 [ 42.210983][ T164] RAX: 0000000000000000 RBX: ffff8880078d8400 RCX: 0000000000000000 [ 42.211235][ T164] RDX: 0000000000000000 RSI: 1ffffffff4f10938 RDI: 0000000000000001 [ 42.211466][ T164] RBP: 0000000000000000 R08: ffffffffa2ae79ea R09: fffffbfff4b3eb84 [ 42.211707][ T164] R10: 0000000000000003 R11: 0000000000000000 R12: ffff888007ad8000 [ 42.211997][ T164] R13: 0000000000000002 R14: ffff888006a18800 R15: ffffffffa34c59e0 [ 42.212234][ T164] FS: 00007f0dc8e39740(0000) GS:ffff88808f51f000(0000) knlGS:0000000000000000 [ 42.212505][ T164] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 42.212704][ T164] CR2: 00007f0dc8e9fe10 CR3: 000000000b56d003 CR4: 0000000000772ef0 [ 42.213227][ T164] PKRU: 55555554 [ 42.213366][ T164] Call Trace: [ 42.213483][ T164] <TASK> [ 42.213565][ T164] __fbnic_pm_attach.isra.0+0x8e/0xa0 [ 42.213725][ T164] pci_reset_function+0x116/0x1d0 [ 42.213895][ T164] reset_store+0xa0/0x100 [ 42.214025][ T164] ? pci_dev_reset_attr_is_visible+0x50/0x50 [ 42.214221][ T164] ? sysfs_file_kobj+0xc1/0x1e0 [ 42.214374][ T164] ? sysfs_kf_write+0x65/0x160 [ 42.214526][ T164] kernfs_fop_write_iter+0x2f8/0x4c0 [ 42.214677][ T164] ? kernfs_vma_page_mkwrite+0x1f0/0x1f0 [ 42.214836][ T164] new_sync_write+0x308/0x6f0 [ 42.214987][ T164] ? __lock_acquire+0x34c/0x740 [ 42.215135][ T164] ? new_sync_read+0x6f0/0x6f0 [ 42.215288][ T164] ? lock_acquire.part.0+0xbc/0x260 [ 42.215440][ T164] ? ksys_write+0xff/0x200 [ 42.215590][ T164] ? perf_trace_sched_switch+0x6d0/0x6d0 [ 42.215742][ T164] vfs_write+0x65e/0xbb0 [ 42.215876][ T164] ksys_write+0xff/0x200 [ 42.215994][ T164] ? __ia32_sys_read+0xc0/0xc0 [ 42.216141][ T164] ? do_user_addr_fault+0x269/0x9f0 [ 42.216292][ T164] ? rcu_is_watching+0x15/0xd0 [ 42.216442][ T164] do_syscall_64+0xbb/0x360 [ 42.216591][ T164] entry_SYSCALL_64_after_hwframe+0x4b/0x53 [ 42.216784][ T164] RIP: 0033:0x7f0dc8ea9986 A bit of digging showed that we were invoking the phylink_resume as a part of the fbnic_up path when we were enabling the service task while not holding the RTNL lock. We should be enabling this sooner as a part of the ndo_open path and then just letting the service task come online later. This will help to enforce the correct locking and brings the phylink interface online at the same time as the network interface, instead of at a later time. I tested this on QEMU to verify this was working by putting the system to sleep using "echo mem > /sys/power/state" to put the system to sleep in the guest and then using the command "system_wakeup" in the QEMU monitor.
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/3ac5f54e47eb348a4bc26e600c63b4d778a22e23
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/6ede14a2c6365e7e5d855643c7c8390b5268c467
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/7aab65c62a8a8b48c02e600fe9367b2af662fcb6
Impacted products
Vendor Product Version
Linux Linux Version: 69684376eed517817251ea6a768cfc315350d5c1
Version: 69684376eed517817251ea6a768cfc315350d5c1
Version: 69684376eed517817251ea6a768cfc315350d5c1
 Create a notification for this product.
   Linux Linux Version: 6.11
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/meta/fbnic/fbnic_netdev.c",
            "drivers/net/ethernet/meta/fbnic/fbnic_pci.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "7aab65c62a8a8b48c02e600fe9367b2af662fcb6",
              "status": "affected",
              "version": "69684376eed517817251ea6a768cfc315350d5c1",
              "versionType": "git"
            },
            {
              "lessThan": "3ac5f54e47eb348a4bc26e600c63b4d778a22e23",
              "status": "affected",
              "version": "69684376eed517817251ea6a768cfc315350d5c1",
              "versionType": "git"
            },
            {
              "lessThan": "6ede14a2c6365e7e5d855643c7c8390b5268c467",
              "status": "affected",
              "version": "69684376eed517817251ea6a768cfc315350d5c1",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/meta/fbnic/fbnic_netdev.c",
            "drivers/net/ethernet/meta/fbnic/fbnic_pci.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.11"
            },
            {
              "lessThan": "6.11",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.45",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.16.*",
              "status": "unaffected",
              "version": "6.16.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.17-rc4",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.45",
                  "versionStartIncluding": "6.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.16.5",
                  "versionStartIncluding": "6.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.17-rc4",
                  "versionStartIncluding": "6.11",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbnic: Move phylink resume out of service_task and into open/close\n\nThe fbnic driver was presenting with the following locking assert coming\nout of a PM resume:\n[   42.208116][  T164] RTNL: assertion failed at drivers/net/phy/phylink.c (2611)\n[   42.208492][  T164] WARNING: CPU: 1 PID: 164 at drivers/net/phy/phylink.c:2611 phylink_resume+0x190/0x1e0\n[   42.208872][  T164] Modules linked in:\n[   42.209140][  T164] CPU: 1 UID: 0 PID: 164 Comm: bash Not tainted 6.17.0-rc2-virtme #134 PREEMPT(full)\n[   42.209496][  T164] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.17.0-5.fc42 04/01/2014\n[   42.209861][  T164] RIP: 0010:phylink_resume+0x190/0x1e0\n[   42.210057][  T164] Code: 83 e5 01 0f 85 b0 fe ff ff c6 05 1c cd 3e 02 01 90 ba 33 0a 00 00 48 c7 c6 20 3a 1d a5 48 c7 c7 e0 3e 1d a5 e8 21 b8 90 fe 90 \u003c0f\u003e 0b 90 90 e9 86 fe ff ff e8 42 ea 1f ff e9 e2 fe ff ff 48 89 ef\n[   42.210708][  T164] RSP: 0018:ffffc90000affbd8 EFLAGS: 00010296\n[   42.210983][  T164] RAX: 0000000000000000 RBX: ffff8880078d8400 RCX: 0000000000000000\n[   42.211235][  T164] RDX: 0000000000000000 RSI: 1ffffffff4f10938 RDI: 0000000000000001\n[   42.211466][  T164] RBP: 0000000000000000 R08: ffffffffa2ae79ea R09: fffffbfff4b3eb84\n[   42.211707][  T164] R10: 0000000000000003 R11: 0000000000000000 R12: ffff888007ad8000\n[   42.211997][  T164] R13: 0000000000000002 R14: ffff888006a18800 R15: ffffffffa34c59e0\n[   42.212234][  T164] FS:  00007f0dc8e39740(0000) GS:ffff88808f51f000(0000) knlGS:0000000000000000\n[   42.212505][  T164] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[   42.212704][  T164] CR2: 00007f0dc8e9fe10 CR3: 000000000b56d003 CR4: 0000000000772ef0\n[   42.213227][  T164] PKRU: 55555554\n[   42.213366][  T164] Call Trace:\n[   42.213483][  T164]  \u003cTASK\u003e\n[   42.213565][  T164]  __fbnic_pm_attach.isra.0+0x8e/0xa0\n[   42.213725][  T164]  pci_reset_function+0x116/0x1d0\n[   42.213895][  T164]  reset_store+0xa0/0x100\n[   42.214025][  T164]  ? pci_dev_reset_attr_is_visible+0x50/0x50\n[   42.214221][  T164]  ? sysfs_file_kobj+0xc1/0x1e0\n[   42.214374][  T164]  ? sysfs_kf_write+0x65/0x160\n[   42.214526][  T164]  kernfs_fop_write_iter+0x2f8/0x4c0\n[   42.214677][  T164]  ? kernfs_vma_page_mkwrite+0x1f0/0x1f0\n[   42.214836][  T164]  new_sync_write+0x308/0x6f0\n[   42.214987][  T164]  ? __lock_acquire+0x34c/0x740\n[   42.215135][  T164]  ? new_sync_read+0x6f0/0x6f0\n[   42.215288][  T164]  ? lock_acquire.part.0+0xbc/0x260\n[   42.215440][  T164]  ? ksys_write+0xff/0x200\n[   42.215590][  T164]  ? perf_trace_sched_switch+0x6d0/0x6d0\n[   42.215742][  T164]  vfs_write+0x65e/0xbb0\n[   42.215876][  T164]  ksys_write+0xff/0x200\n[   42.215994][  T164]  ? __ia32_sys_read+0xc0/0xc0\n[   42.216141][  T164]  ? do_user_addr_fault+0x269/0x9f0\n[   42.216292][  T164]  ? rcu_is_watching+0x15/0xd0\n[   42.216442][  T164]  do_syscall_64+0xbb/0x360\n[   42.216591][  T164]  entry_SYSCALL_64_after_hwframe+0x4b/0x53\n[   42.216784][  T164] RIP: 0033:0x7f0dc8ea9986\n\nA bit of digging showed that we were invoking the phylink_resume as a part\nof the fbnic_up path when we were enabling the service task while not\nholding the RTNL lock. We should be enabling this sooner as a part of the\nndo_open path and then just letting the service task come online later.\nThis will help to enforce the correct locking and brings the phylink\ninterface online at the same time as the network interface, instead of at a\nlater time.\n\nI tested this on QEMU to verify this was working by putting the system to\nsleep using \"echo mem \u003e /sys/power/state\" to put the system to sleep in the\nguest and then using the command \"system_wakeup\" in the QEMU monitor."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-16T13:08:48.841Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/7aab65c62a8a8b48c02e600fe9367b2af662fcb6"
        },
        {
          "url": "https://git.kernel.org/stable/c/3ac5f54e47eb348a4bc26e600c63b4d778a22e23"
        },
        {
          "url": "https://git.kernel.org/stable/c/6ede14a2c6365e7e5d855643c7c8390b5268c467"
        }
      ],
      "title": "fbnic: Move phylink resume out of service_task and into open/close",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-39831",
    "datePublished": "2025-09-16T13:08:48.841Z",
    "dateReserved": "2025-04-16T07:20:57.140Z",
    "dateUpdated": "2025-09-16T13:08:48.841Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-39831\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-09-16T14:15:51.320\",\"lastModified\":\"2025-09-17T14:18:55.093\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nfbnic: Move phylink resume out of service_task and into open/close\\n\\nThe fbnic driver was presenting with the following locking assert coming\\nout of a PM resume:\\n[   42.208116][  T164] RTNL: assertion failed at drivers/net/phy/phylink.c (2611)\\n[   42.208492][  T164] WARNING: CPU: 1 PID: 164 at drivers/net/phy/phylink.c:2611 phylink_resume+0x190/0x1e0\\n[   42.208872][  T164] Modules linked in:\\n[   42.209140][  T164] CPU: 1 UID: 0 PID: 164 Comm: bash Not tainted 6.17.0-rc2-virtme #134 PREEMPT(full)\\n[   42.209496][  T164] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.17.0-5.fc42 04/01/2014\\n[   42.209861][  T164] RIP: 0010:phylink_resume+0x190/0x1e0\\n[   42.210057][  T164] Code: 83 e5 01 0f 85 b0 fe ff ff c6 05 1c cd 3e 02 01 90 ba 33 0a 00 00 48 c7 c6 20 3a 1d a5 48 c7 c7 e0 3e 1d a5 e8 21 b8 90 fe 90 \u003c0f\u003e 0b 90 90 e9 86 fe ff ff e8 42 ea 1f ff e9 e2 fe ff ff 48 89 ef\\n[   42.210708][  T164] RSP: 0018:ffffc90000affbd8 EFLAGS: 00010296\\n[   42.210983][  T164] RAX: 0000000000000000 RBX: ffff8880078d8400 RCX: 0000000000000000\\n[   42.211235][  T164] RDX: 0000000000000000 RSI: 1ffffffff4f10938 RDI: 0000000000000001\\n[   42.211466][  T164] RBP: 0000000000000000 R08: ffffffffa2ae79ea R09: fffffbfff4b3eb84\\n[   42.211707][  T164] R10: 0000000000000003 R11: 0000000000000000 R12: ffff888007ad8000\\n[   42.211997][  T164] R13: 0000000000000002 R14: ffff888006a18800 R15: ffffffffa34c59e0\\n[   42.212234][  T164] FS:  00007f0dc8e39740(0000) GS:ffff88808f51f000(0000) knlGS:0000000000000000\\n[   42.212505][  T164] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\\n[   42.212704][  T164] CR2: 00007f0dc8e9fe10 CR3: 000000000b56d003 CR4: 0000000000772ef0\\n[   42.213227][  T164] PKRU: 55555554\\n[   42.213366][  T164] Call Trace:\\n[   42.213483][  T164]  \u003cTASK\u003e\\n[   42.213565][  T164]  __fbnic_pm_attach.isra.0+0x8e/0xa0\\n[   42.213725][  T164]  pci_reset_function+0x116/0x1d0\\n[   42.213895][  T164]  reset_store+0xa0/0x100\\n[   42.214025][  T164]  ? pci_dev_reset_attr_is_visible+0x50/0x50\\n[   42.214221][  T164]  ? sysfs_file_kobj+0xc1/0x1e0\\n[   42.214374][  T164]  ? sysfs_kf_write+0x65/0x160\\n[   42.214526][  T164]  kernfs_fop_write_iter+0x2f8/0x4c0\\n[   42.214677][  T164]  ? kernfs_vma_page_mkwrite+0x1f0/0x1f0\\n[   42.214836][  T164]  new_sync_write+0x308/0x6f0\\n[   42.214987][  T164]  ? __lock_acquire+0x34c/0x740\\n[   42.215135][  T164]  ? new_sync_read+0x6f0/0x6f0\\n[   42.215288][  T164]  ? lock_acquire.part.0+0xbc/0x260\\n[   42.215440][  T164]  ? ksys_write+0xff/0x200\\n[   42.215590][  T164]  ? perf_trace_sched_switch+0x6d0/0x6d0\\n[   42.215742][  T164]  vfs_write+0x65e/0xbb0\\n[   42.215876][  T164]  ksys_write+0xff/0x200\\n[   42.215994][  T164]  ? __ia32_sys_read+0xc0/0xc0\\n[   42.216141][  T164]  ? do_user_addr_fault+0x269/0x9f0\\n[   42.216292][  T164]  ? rcu_is_watching+0x15/0xd0\\n[   42.216442][  T164]  do_syscall_64+0xbb/0x360\\n[   42.216591][  T164]  entry_SYSCALL_64_after_hwframe+0x4b/0x53\\n[   42.216784][  T164] RIP: 0033:0x7f0dc8ea9986\\n\\nA bit of digging showed that we were invoking the phylink_resume as a part\\nof the fbnic_up path when we were enabling the service task while not\\nholding the RTNL lock. We should be enabling this sooner as a part of the\\nndo_open path and then just letting the service task come online later.\\nThis will help to enforce the correct locking and brings the phylink\\ninterface online at the same time as the network interface, instead of at a\\nlater time.\\n\\nI tested this on QEMU to verify this was working by putting the system to\\nsleep using \\\"echo mem \u003e /sys/power/state\\\" to put the system to sleep in the\\nguest and then using the command \\\"system_wakeup\\\" in the QEMU monitor.\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/3ac5f54e47eb348a4bc26e600c63b4d778a22e23\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/6ede14a2c6365e7e5d855643c7c8390b5268c467\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/7aab65c62a8a8b48c02e600fe9367b2af662fcb6\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.