PT-2025-18417 · Linux · Linux Kernel
Published 2025-03-20 · Updated 2026-04-20 · CVE-2025-23163
CVSS v3.1: 5.5 (Medium)
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 6.14.0-rc5
Description
A deadlock vulnerability has been identified in the Linux kernel, specifically in the VLAN (Virtual Local Area Network) implementation. The issue arises when a lower device carrying a VLAN is enslaved: the allmulti/promisc flags are propagated during the ndo_open operation, and the real device is locked again while already held, so a deadlock can occur. The vulnerability is related to missing lock nesting notation and can be triggered by specific device setups, including the use of netdevsim devices and VLANs. The relevant technical details are the dev_set_allmulti() function and the &dev->lock variable.
Recommendations
To resolve this issue, update the Linux kernel to a version that includes the fix for this vulnerability. Specifically, for Linux kernel versions prior to 6.14.0-rc5, apply the necessary patches or updates to ensure the kernel is no longer vulnerable to this deadlock issue. As a temporary workaround, consider disabling the VLAN functionality or restricting the use of netdevsim devices until a patched version of the kernel is available.
Weakness
Improper Locking
Affected Products
Astra Linux
Debian
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu