Deadlock Vulnerability in Linux Kernel virtio-net Driver
CVE-2025-38551

Currently unrated

Key Information:

Vendor

Linux
Status
Linux
Vendor
CVE Published:
16 August 2025

What is CVE-2025-38551?

A deadlock vulnerability exists in the virtio-net driver of the Linux kernel, triggered during the probing phase when a VMM sends a VIRTIO_NET_S_ANNOUNCE request. This issue can result in a recursive locking scenario involving the rtnl_lock(), leading to significant delays and potential system instability. The lock contention is caused by the virtio-net driver's inability to handle configuration changes smoothly while still probing, which complicates its operation and can degrade performance in virtualized environments.

Affected Version(s)

Linux df28de7b00502761eba62490f413c65c9b175ed9 < 4e7c46362550b229354aeb52038f414e231b0037

Linux df28de7b00502761eba62490f413c65c9b175ed9 < 3859f137b3c1fa1f0031d54263234566bdcdd7aa

Linux df28de7b00502761eba62490f413c65c9b175ed9

References

https://git.kernel.org/stable/c/4e7c46362550b229354aeb520...
https://git.kernel.org/stable/c/3859f137b3c1fa1f0031d5426...
https://git.kernel.org/stable/c/be5dcaed694e4255dc02dd0ac...

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2025-38551 : Deadlock Vulnerability in Linux Kernel virtio-net Driver