2376105 – (CVE-2025-38114) CVE-2025-38114 kernel: e1000: Move cancel_work_sync to avoid deadlock

Bug 2376105 (CVE-2025-38114) - CVE-2025-38114 kernel: e1000: Move cancel_work_sync to avoid deadlock

Summary: CVE-2025-38114 kernel: e1000: Move cancel_work_sync to avoid deadlock

Keywords:
Status:	NEW
Alias:	CVE-2025-38114
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2025-07-03 09:05 UTC by OSIDB Bzimport
Modified:	2025-07-04 03:58 UTC (History)
CC List:	0 users
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2025-07-03 09:05:17 UTC

In the Linux kernel, the following vulnerability has been resolved:

e1000: Move cancel_work_sync to avoid deadlock

Previously, e1000_down called cancel_work_sync for the e1000 reset task
(via e1000_down_and_stop), which takes RTNL.

As reported by users and syzbot, a deadlock is possible in the following
scenario:

CPU 0:
  - RTNL is held
  - e1000_close
  - e1000_down
  - cancel_work_sync (cancel / wait for e1000_reset_task())

CPU 1:
  - process_one_work
  - e1000_reset_task
  - take RTNL

To remedy this, avoid calling cancel_work_sync from e1000_down
(e1000_reset_task does nothing if the device is down anyway). Instead,
call cancel_work_sync for e1000_reset_task when the device is being
removed.

Comment 1 Avinash Hanwate 2025-07-04 03:50:11 UTC

Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2025070325-CVE-2025-38114-c603@gregkh/T

Note You need to log in before you can comment on or make changes to this bug.