CVE-2025-38150
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-07-03

Last updated on: 2025-11-20

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: af_packet: move notifier's packet_dev_mc out of rcu critical section Syzkaller reports the following issue: BUG: sleeping function called from invalid context at kernel/locking/mutex.c:578 __mutex_lock+0x106/0xe80 kernel/locking/mutex.c:746 team_change_rx_flags+0x38/0x220 drivers/net/team/team_core.c:1781 dev_change_rx_flags net/core/dev.c:9145 [inline] __dev_set_promiscuity+0x3f8/0x590 net/core/dev.c:9189 netif_set_promiscuity+0x50/0xe0 net/core/dev.c:9201 dev_set_promiscuity+0x126/0x260 net/core/dev_api.c:286 packet_dev_mc net/packet/af_packet.c:3698 [inline] packet_dev_mclist_delete net/packet/af_packet.c:3722 [inline] packet_notifier+0x292/0xa60 net/packet/af_packet.c:4247 notifier_call_chain+0x1b3/0x3e0 kernel/notifier.c:85 call_netdevice_notifiers_extack net/core/dev.c:2214 [inline] call_netdevice_notifiers net/core/dev.c:2228 [inline] unregister_netdevice_many_notify+0x15d8/0x2330 net/core/dev.c:11972 rtnl_delete_link net/core/rtnetlink.c:3522 [inline] rtnl_dellink+0x488/0x710 net/core/rtnetlink.c:3564 rtnetlink_rcv_msg+0x7cf/0xb70 net/core/rtnetlink.c:6955 netlink_rcv_skb+0x219/0x490 net/netlink/af_netlink.c:2534 Calling `PACKET_ADD_MEMBERSHIP` on an ops-locked device can trigger the `NETDEV_UNREGISTER` notifier, which may require disabling promiscuous and/or allmulti mode. Both of these operations require acquiring the netdev instance lock. Move the call to `packet_dev_mc` outside of the RCU critical section. The `mclist` modifications (add, del, flush, unregister) are protected by the RTNL, not the RCU. The RCU only protects the `sklist` and its associated `sks`. The delayed operation on the `mclist` entry remains within the RTNL.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-07-03
Last Modified
2025-11-20
Generated
2026-05-07
AI Q&A
2025-07-03
EPSS Evaluated
2026-05-05
NVD
CVE-2025-38150
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel From 5.15.160 (inc) to 5.16 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-667 The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability in the Linux kernel involves improper handling of locking mechanisms when modifying network device multicast lists. Specifically, a sleeping function was called from an invalid context within a Read-Copy-Update (RCU) critical section, which is not allowed. The issue arises when calling PACKET_ADD_MEMBERSHIP on a device that is locked for operations, triggering a network device unregister notifier that requires disabling promiscuous or all-multicast modes. These operations need to acquire the network device instance lock, which was incorrectly done inside the RCU critical section. The fix moves the call to packet_dev_mc outside the RCU critical section to ensure proper locking and avoid the invalid context sleep call.


How can this vulnerability impact me? :

This vulnerability can cause kernel bugs such as crashes or instability due to improper locking and sleeping in invalid contexts. This can lead to system instability or denial of service on affected Linux systems when network device multicast membership is modified under certain conditions.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart