ghsa-r9fm-4g8c-9hfh
Vulnerability from github
In the Linux kernel, the following vulnerability has been resolved:
net: enetc: fix the deadlock of enetc_mdio_lock
After applying the workaround for err050089, the LS1028A platform experiences RCU stalls on RT kernel. This issue is caused by the recursive acquisition of the read lock enetc_mdio_lock. Here list some of the call stacks identified under the enetc_poll path that may lead to a deadlock:
enetc_poll -> enetc_lock_mdio -> enetc_clean_rx_ring OR napi_complete_done -> napi_gro_receive -> enetc_start_xmit -> enetc_lock_mdio -> enetc_map_tx_buffs -> enetc_unlock_mdio -> enetc_unlock_mdio
After enetc_poll acquires the read lock, a higher-priority writer attempts to acquire the lock, causing preemption. The writer detects that a read lock is already held and is scheduled out. However, readers under enetc_poll cannot acquire the read lock again because a writer is already waiting, leading to a thread hang.
Currently, the deadlock is avoided by adjusting enetc_lock_mdio to prevent recursive lock acquisition.
{
"affected": [],
"aliases": [
"CVE-2025-40347"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-12-16T14:15:46Z",
"severity": null
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: enetc: fix the deadlock of enetc_mdio_lock\n\nAfter applying the workaround for err050089, the LS1028A platform\nexperiences RCU stalls on RT kernel. This issue is caused by the\nrecursive acquisition of the read lock enetc_mdio_lock. Here list some\nof the call stacks identified under the enetc_poll path that may lead to\na deadlock:\n\nenetc_poll\n -\u003e enetc_lock_mdio\n -\u003e enetc_clean_rx_ring OR napi_complete_done\n -\u003e napi_gro_receive\n -\u003e enetc_start_xmit\n -\u003e enetc_lock_mdio\n -\u003e enetc_map_tx_buffs\n -\u003e enetc_unlock_mdio\n -\u003e enetc_unlock_mdio\n\nAfter enetc_poll acquires the read lock, a higher-priority writer attempts\nto acquire the lock, causing preemption. The writer detects that a\nread lock is already held and is scheduled out. However, readers under\nenetc_poll cannot acquire the read lock again because a writer is already\nwaiting, leading to a thread hang.\n\nCurrently, the deadlock is avoided by adjusting enetc_lock_mdio to prevent\nrecursive lock acquisition.",
"id": "GHSA-r9fm-4g8c-9hfh",
"modified": "2025-12-16T15:30:42Z",
"published": "2025-12-16T15:30:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-40347"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1f92f5bd057a4fad9dab6af17963cdd21e5da6ed"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2781ca82ce8cad263d80b617addb727e6a84c9e5"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2e55a49dc3b2a6b23329e4fbbd8a5feb20e220aa"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/50bd33f6b3922a6b760aa30d409cae891cec8fb5"
}
],
"schema_version": "1.4.0",
"severity": []
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.