CVE-2025-38094
Analyzed - Analysis Complete
BaseFortify

Publication date: 2025-07-03

Last updated on: 2025-12-16

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: net: cadence: macb: Fix a possible deadlock in macb_halt_tx. There is a situation where after THALT is set high, TGO stays high as well. Because jiffies are never updated, as we are in a context with interrupts disabled, we never exit that loop and have a deadlock. That deadlock was noticed on a sama5d4 device that stayed locked for days. Use retries instead of jiffies so that the timeout really works and we do not have a deadlock anymore.
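
The timeout failure described above can be reproduced in a user-space C model. This is an added example, not the macb driver's code or the upstream patch; the TGO bit value, the one-tick-per-read model, the limit of 100 and all function names are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed user-space model: names and values below are hypothetical. */
enum { HALT_OK = 0, HALT_TIMEOUT = -1, HALT_STUCK = -2 };
#define TGO_BIT    0x8u       /* assumed bit position, model only */
#define SPIN_GUARD 1000000UL  /* model-only cap so the demo terminates */

static unsigned long jiffies, reads, clear_after; /* clear_after 0 = TGO never clears */
static int irqs_enabled;
static uint32_t tsr;          /* modelled transmit status register */

static uint32_t read_tsr(void)
{
    reads++;
    if (clear_after && reads >= clear_after) tsr &= ~TGO_BIT;
    if (irqs_enabled) jiffies++;  /* the tick only advances when interrupts run */
    return tsr;
}

/* Pre-fix pattern: the deadline is expressed in jiffies. */
static int halt_tx_jiffies(unsigned long timeout)
{
    unsigned long deadline = jiffies + timeout, spins = 0;
    do {
        if (!(read_tsr() & TGO_BIT)) return HALT_OK;
        if (++spins >= SPIN_GUARD) return HALT_STUCK; /* real code has no guard */
    } while ((long)(deadline - jiffies) > 0);
    return HALT_TIMEOUT;
}

/* Fixed pattern: a bounded retry count that needs no clock. */
static int halt_tx_retries(unsigned int retries)
{
    while (retries--)
        if (!(read_tsr() & TGO_BIT)) return HALT_OK;
    return HALT_TIMEOUT;
}

/* Reset the model (THALT is assumed already written) and run one variant. */
static int run(int use_retries, int irqs, unsigned long clear)
{
    jiffies = 0; reads = 0; tsr = TGO_BIT; irqs_enabled = irqs; clear_after = clear;
    return use_retries ? halt_tx_retries(100) : halt_tx_jiffies(100);
}

int main(void)
{
    printf("jiffies, irqs off, TGO stuck: %d\n", run(0, 0, 0));
    printf("retries, irqs off, TGO stuck: %d\n", run(1, 0, 0));
    return 0;
}
```

With interrupts disabled and TGO stuck, the jiffies variant only stops because of the model's guard, while the retry variant returns a timeout after its fixed number of register reads.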
Meta Information
Published: 2025-07-03
Last Modified: 2025-12-16
Generated: 2026-05-07
AI Q&A: 2025-07-03
EPSS Evaluated: 2026-05-05
NVD
Affected Vendors & Products
Showing 13 associated CPEs
Vendor   Product        Version / Range
linux    linux_kernel   From 3.8 (inc) to 5.10.238 (exc)
linux    linux_kernel   From 5.11 (inc) to 5.15.184 (exc)
linux    linux_kernel   From 5.16 (inc) to 6.1.140 (exc)
linux    linux_kernel   From 6.2 (inc) to 6.6.92 (exc)
linux    linux_kernel   From 6.7 (inc) to 6.12.30 (exc)
linux    linux_kernel   From 6.13 (inc) to 6.14.8 (exc)
linux    linux_kernel   6.15
linux    linux_kernel   6.15
linux    linux_kernel   6.15
linux    linux_kernel   6.15
linux    linux_kernel   6.15
linux    linux_kernel   6.15
debian   debian_linux   11.0
CWE ID Description
CWE-667 The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is a deadlock in the Linux kernel's Cadence macb network driver, in the function macb_halt_tx. After THALT is set high, TGO can stay high as well. The driver waits for this condition in a loop whose timeout is measured in jiffies (a timer value), but the code runs in a context with interrupts disabled, so jiffies are never updated. The timeout therefore never expires, the loop never exits, and the device remains locked indefinitely. The fix uses retries instead of jiffies for the timeout, so the loop always terminates and the deadlock no longer occurs.


How can this vulnerability impact me?

This vulnerability can cause a deadlock in devices using the affected Linux kernel driver, leading to the device becoming unresponsive or locked for extended periods (days). This can result in system hangs, degraded performance, or failure of network-related functions on affected hardware, impacting availability and reliability.


What immediate steps should I take to mitigate this vulnerability?

The vulnerability is fixed by updating the Linux kernel to a version where the macb driver uses retries instead of relying on jiffies for timeout, preventing the deadlock. Therefore, the immediate step is to update your Linux kernel to the patched version that includes this fix.

