PT-2025-29031 · Iavf+6 · Iavf+6

Jakub

Published

2025-04-04

Updated

2026-04-20

CVE-2025-38311

CVSS v2.0

6.0

Medium

Vector

AV:L/AC:H/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)

Description: This issue resolves a critical lock within the iavf driver, eliminating error-prone logic associated with try locks. The resolution involves replacing the critical lock with a netdev lock where applicable, addressing potential deadlocks reported by Lockdep during Virtual Function (VF) removal and work cancellation. The changes extend the protected section of the iavf watchdog task() function to encompass more work scheduling and correct a misplaced comment within iavf reset task(). The initial patch addresses a deadlock during VF removal and a circular locking dependency detected during work cancellation.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Locking

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-883CWE-667

Related Identifiers

AZL-65019

BDU:2025-08635

CVE-2025-38311

ECHO-F400-A0A1-4B5D

OPENSUSE-SU-2025:20081-1

SUSE-SU-2025:21074-1

SUSE-SU-2025:21139-1

SUSE-SU-2025:21179-1

USN-7769-1

USN-7769-2

USN-7769-3

USN-7770-1

USN-7771-1

USN-7789-1

USN-7789-2

Affected Products

Astra Linux

Debian

Linuxmint

Linux Kernel

Suse

Ubuntu

Iavf

PT-2025-29031 · Iavf+6 · Iavf+6

CVE-2025-38311

Weakness Enumeration

Related Identifiers

Affected Products

References · 1473