CVE-2025-39908
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-10-01

Last updated on: 2025-12-12

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: net: dev_ioctl: take ops lock in hwtstamp lower paths ndo hwtstamp callbacks are expected to run under the per-device ops lock. Make the lower get/set paths consistent with the rest of ndo invocations. Kernel log: WARNING: CPU: 13 PID: 51364 at ./include/net/netdev_lock.h:70 __netdev_update_features+0x4bd/0xe60 ... RIP: 0010:__netdev_update_features+0x4bd/0xe60 ... Call Trace: <TASK> netdev_update_features+0x1f/0x60 mlx5_hwtstamp_set+0x181/0x290 [mlx5_core] mlx5e_hwtstamp_set+0x19/0x30 [mlx5_core] dev_set_hwtstamp_phylib+0x9f/0x220 dev_set_hwtstamp_phylib+0x9f/0x220 dev_set_hwtstamp+0x13d/0x240 dev_ioctl+0x12f/0x4b0 sock_ioctl+0x171/0x370 __x64_sys_ioctl+0x3f7/0x900 ? __sys_setsockopt+0x69/0xb0 do_syscall_64+0x6f/0x2e0 entry_SYSCALL_64_after_hwframe+0x4b/0x53 ... </TASK> .... ---[ end trace 0000000000000000 ]--- Note that the mlx5_hwtstamp_set and mlx5e_hwtstamp_set functions shown in the trace come from an in progress patch converting the legacy ioctl to ndo_hwtstamp_get/set and are not present in mainline.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-10-01
Last Modified
2025-12-12
Generated
2026-05-07
AI Q&A
2025-10-01
EPSS Evaluated
2026-05-05
NVD
CVE-2025-39908
Affected Vendors & Products
Showing 6 associated CPEs
Vendor Product Version / Range
linux linux_kernel From 6.15 (inc) to 6.16.8 (exc)
linux linux_kernel 6.17
linux linux_kernel 6.17
linux linux_kernel 6.17
linux linux_kernel 6.17
linux linux_kernel 6.17
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-NVD-CWE-noinfo
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability in the Linux kernel involves the handling of hardware timestamping (hwtstamp) ioctl operations. Specifically, the ndo hwtstamp callbacks were not consistently taking the per-device operations lock in the lower get/set paths, which is required for proper synchronization. This inconsistency could lead to race conditions or unexpected behavior when these ioctl calls are made. The fix ensures that the lower get/set paths take the ops lock, making them consistent with other ndo invocations and preventing potential kernel warnings or crashes.


How can this vulnerability impact me? :

This vulnerability could cause instability in the Linux kernel when hardware timestamping ioctl operations are performed, potentially leading to kernel warnings, crashes, or race conditions. This may affect network device functionality or reliability on systems using these ioctl calls, possibly resulting in degraded network performance or system instability.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by checking the kernel logs for warnings related to netdev locking issues, specifically messages like: "WARNING: CPU: ... at ./include/net/netdev_lock.h:70 __netdev_update_features" and call traces involving mlx5_hwtstamp_set or mlx5e_hwtstamp_set functions. You can use the command 'dmesg | grep netdev_lock' or 'journalctl -k | grep netdev_lock' to search for such warnings in the kernel logs.


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation involves updating the Linux kernel to a version where this vulnerability has been resolved, as the issue is fixed by ensuring the ndo hwtstamp callbacks run under the per-device ops lock consistently. Until then, monitoring kernel logs for the described warnings can help identify if the vulnerability is being triggered.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart