PT-2025-27700 · Linux+4 · Linux Kernel+4

Published: 2025-07-03 · Updated: 2025-12-03 · CVE-2025-38114

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)
Description: A deadlock has been identified in the e1000 driver of the Linux kernel. It occurs because e1000_down() calls cancel_work_sync() for the e1000 reset task (e1000_reset_task). One CPU holds the RTNL lock and calls cancel_work_sync(), which waits for the reset task to finish, while another CPU running e1000_reset_task tries to take the RTNL lock. Neither side can make progress. The issue has been reported by users and syzbot.
Recommendations: To resolve this issue, the cancel_work_sync() call for e1000_reset_task has been moved from e1000_down() to the point where the device is being removed. This avoids the deadlock because cancel_work_sync() is no longer called from e1000_down(), and e1000_reset_task does nothing if the device is down anyway.
Note: Since the provided information does not specify the exact affected versions or a fixed version, it is not possible to provide version-specific recommendations. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Improper Locking

Related Identifiers

BDU:2025-13489
CVE-2025-38114
OPENSUSE-SU-2025:20081-1
SUSE-SU-2025:02853-1
SUSE-SU-2025:02997-1
SUSE-SU-2025:03011-1
SUSE-SU-2025:21074-1
SUSE-SU-2025:21139-1
SUSE-SU-2025:21179-1
SUSE-SU-2025_02853-1
SUSE-SU-2025_02997-1
SUSE-SU-2025_03011-1
USN-7769-1
USN-7769-2
USN-7769-3
USN-7770-1
USN-7771-1
USN-7789-1
USN-7789-2

Affected Products

Astra Linux
Linux Mint
Linux Kernel
SUSE
Ubuntu