Vulnerability in Linux Kernel Affects Network Device Operations
CVE-2025-39908

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 1 October 2025

What is CVE-2025-39908?

A vulnerability exists within the Linux kernel concerning the handling of hardware timestamping callbacks (hwtstamp). Specifically, the issue arises from the inconsistent management of the operations lock during the execution of get/set paths in network device operations. This discrepancy can result in improper locking mechanisms leading to unforeseen behavior during driver interactions. The affected functions, including mlx5_hwtstamp_set and mlx5e_hwtstamp_set, are crucial for network timestamps but are linked to a patch currently in development and may not be available in mainline sources yet. The kernel debug log warns of potential stability risks, emphasizing the need for immediate assessments and updates.

Affected Version(s)

Linux ffb7ed19ac0a9fa9ea79af1d7b42c03a10da98a5 < 2d92fa0cdc02291de57f72170e8b60cef0cf5372

Linux ffb7ed19ac0a9fa9ea79af1d7b42c03a10da98a5 < 686cab5a18e443e1d5f2abb17bed45837836425f

Linux 6.15

References

https://git.kernel.org/stable/c/2d92fa0cdc02291de57f72170...

https://git.kernel.org/stable/c/686cab5a18e443e1d5f2abb17...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 1, 2025
Vulnerability Reserved
Apr 16, 2025

JSON