Data Race Vulnerability in Linux Kernel Affecting Virtio Ring by Linux Foundation
CVE-2025-38048
What is CVE-2025-38048?
This vulnerability in the Linux kernel pertains to a data race condition within the Virtio Ring functionality. The issue arises when the function virtqueue_enable_cb_delayed sets an event_triggered variable to false, concurrently accessed by another process reading it as false, due to the race condition. While this event_triggered variable acts as a hint for optimization, its unreliable state can lead to temporary miscommunication regarding interrupt notifications when the event index is used. The flaw has been marked for resolution to enhance overall safety and reliability in data handling in the kernel context.
Affected Version(s)
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 02d2d6caee3abc9335cfca35f8eb4492173ae6f2
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2