CVE-2025-40231
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-12-04

Last updated on: 2025-12-04

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: vsock: fix lock inversion in vsock_assign_transport() Syzbot reported a potential lock inversion deadlock between vsock_register_mutex and sk_lock-AF_VSOCK when vsock_linger() is called. The issue was introduced by commit 687aa0c5581b ("vsock: Fix transport_* TOCTOU") which added vsock_register_mutex locking in vsock_assign_transport() around the transport->release() call, that can call vsock_linger(). vsock_assign_transport() can be called with sk_lock held. vsock_linger() calls sk_wait_event() that temporarily releases and re-acquires sk_lock. During this window, if another thread hold vsock_register_mutex while trying to acquire sk_lock, a circular dependency is created. Fix this by releasing vsock_register_mutex before calling transport->release() and vsock_deassign_transport(). This is safe because we don't need to hold vsock_register_mutex while releasing the old transport, and we ensure the new transport won't disappear by obtaining a module reference first via try_module_get().
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-04
Last Modified
2025-12-04
Generated
2026-05-07
AI Q&A
2025-12-04
EPSS Evaluated
2026-05-05
NVD
CVE-2025-40231
EUVD
EUVD-2025-201228
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is a lock inversion deadlock issue in the Linux kernel's vsock subsystem. It occurs due to a circular dependency between two locks: vsock_register_mutex and sk_lock-AF_VSOCK. Specifically, when vsock_linger() is called during vsock_assign_transport(), the locking order can cause a deadlock because vsock_linger() temporarily releases and re-acquires sk_lock, and if another thread holds vsock_register_mutex while trying to acquire sk_lock, a circular wait happens. The fix involves releasing vsock_register_mutex before calling transport->release() and vsock_deassign_transport(), preventing the deadlock.


How can this vulnerability impact me? :

This vulnerability can cause a deadlock in the Linux kernel's vsock subsystem, potentially leading to system hangs or degraded performance when the affected code paths are executed. This can impact system stability and availability, especially in environments relying on vsock communication.


What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, update the Linux kernel to a version that includes the fix for the lock inversion issue in vsock_assign_transport(). The fix involves releasing vsock_register_mutex before calling transport->release() and vsock_deassign_transport(), preventing the deadlock. Until the update is applied, avoid workloads or configurations that heavily use vsock transports to reduce the risk of triggering the deadlock.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart