PT-2025-51645 · Linux+5 · Linux Kernel+5

Published: 2025-12-16 · Updated: 2026-04-06 · CVE-2025-68232

Severity: None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

A race condition within the virtual ethernet (veth) module can lead to a permanently stalled transmit queue (TXQ). This issue stemmed from a flawed implementation in commit dc82a33297fc, which aimed to apply queue discipline (qdisc) backpressure to reduce transmission drops. The race occurs when the producer observes a full pointer ring and attempts to stop the queue, but the subsequent logic to re-wake the queue can fail, resulting in a "lost wakeup" and halted traffic. The root cause is the incorrect use of the ptr_ring_empty() API from the producer side, as this check is unreliable when a consumer operates on a different CPU. The fix involves unconditionally flushing the peer using veth_xdp_flush(rq) in veth_xmit() and relocating the logic for waking the peer TXQ to the end of the veth_poll() function. This issue was observed in production on ARM64 systems (Ampere Altra Max). The functions involved are veth_xmit(), veth_poll(), veth_xdp_rcv(), and veth_xdp_flush().
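
The lost wakeup described above can be replayed as one fixed interleaving in a small sequential model. This is an added example, not kernel code or the upstream patch; the struct, the function names and the stale-view flag are assumptions of the model.

```c
/* Simplified model of the veth lost wakeup described above; not kernel code.
 * One interleaving of producer and consumer steps is replayed sequentially. */
#include <stdbool.h>
#include <stdio.h>

struct model {
    int  ring_len, ring_cap;  /* ptr_ring occupancy and capacity */
    bool txq_stopped;         /* producer's TX queue is stopped */
    bool napi_scheduled;      /* a consumer poll is pending */
};

/* Consumer (veth_poll): drain the ring, wake a stopped peer TXQ, go idle.
 * The model does not distinguish where inside the poll the wake happens. */
static void poll_once(struct model *m)
{
    m->ring_len = 0;
    m->txq_stopped = false;
    m->napi_scheduled = false;
}

/* Producer (veth_xmit) after it found the ring full. view_empty is what the
 * producer-side emptiness check reports, which may be out of date. */
static void xmit_on_full_ring(struct model *m, bool fixed, bool view_empty)
{
    m->txq_stopped = true;              /* stop the queue, report busy */
    if (fixed)
        m->napi_scheduled = true;       /* unconditional flush of the peer */
    else if (view_empty)
        m->txq_stopped = false;         /* old conditional re-wake */
}

/* True if the TXQ ends stopped with no poll pending, i.e. stalled for good. */
static bool txq_stalls(bool fixed, bool stale_view)
{
    struct model m = { .ring_len = 4, .ring_cap = 4, .napi_scheduled = true };
    bool saw_full = (m.ring_len == m.ring_cap);  /* producer: ring is full */
    poll_once(&m);       /* consumer on another CPU drains the ring and idles */
    bool view_empty = stale_view ? !saw_full : (m.ring_len == 0);
    xmit_on_full_ring(&m, fixed, view_empty);
    while (m.napi_scheduled)
        poll_once(&m);
    return m.txq_stopped && !m.napi_scheduled;
}

int main(void)
{
    printf("old logic, stale view: stalled=%d\n", txq_stalls(false, true));
    printf("fixed logic, stale view: stalled=%d\n", txq_stalls(true, true));
    return 0;
}
```

With the old conditional re-wake the queue stalls only when the producer's view of the ring is out of date; with the unconditional flush the outcome no longer depends on that view.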

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.


Related Identifiers

CVE-2025-68232
USN-8094-1
USN-8094-2
USN-8094-3
USN-8094-4
USN-8094-5
USN-8152-1

Affected Products

Ampere Altra Max
Debian
Linuxmint
Linux Kernel
Ubuntu
Veth