We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2025-38150

af_packet: move notifier's packet_dev_mc out of rcu critical section



Description

In the Linux kernel, the following vulnerability has been resolved: af_packet: move notifier's packet_dev_mc out of rcu critical section Syzkaller reports the following issue: BUG: sleeping function called from invalid context at kernel/locking/mutex.c:578 __mutex_lock+0x106/0xe80 kernel/locking/mutex.c:746 team_change_rx_flags+0x38/0x220 drivers/net/team/team_core.c:1781 dev_change_rx_flags net/core/dev.c:9145 [inline] __dev_set_promiscuity+0x3f8/0x590 net/core/dev.c:9189 netif_set_promiscuity+0x50/0xe0 net/core/dev.c:9201 dev_set_promiscuity+0x126/0x260 net/core/dev_api.c:286 packet_dev_mc net/packet/af_packet.c:3698 [inline] packet_dev_mclist_delete net/packet/af_packet.c:3722 [inline] packet_notifier+0x292/0xa60 net/packet/af_packet.c:4247 notifier_call_chain+0x1b3/0x3e0 kernel/notifier.c:85 call_netdevice_notifiers_extack net/core/dev.c:2214 [inline] call_netdevice_notifiers net/core/dev.c:2228 [inline] unregister_netdevice_many_notify+0x15d8/0x2330 net/core/dev.c:11972 rtnl_delete_link net/core/rtnetlink.c:3522 [inline] rtnl_dellink+0x488/0x710 net/core/rtnetlink.c:3564 rtnetlink_rcv_msg+0x7cf/0xb70 net/core/rtnetlink.c:6955 netlink_rcv_skb+0x219/0x490 net/netlink/af_netlink.c:2534 Calling `PACKET_ADD_MEMBERSHIP` on an ops-locked device can trigger the `NETDEV_UNREGISTER` notifier, which may require disabling promiscuous and/or allmulti mode. Both of these operations require acquiring the netdev instance lock. Move the call to `packet_dev_mc` outside of the RCU critical section. The `mclist` modifications (add, del, flush, unregister) are protected by the RTNL, not the RCU. The RCU only protects the `sklist` and its associated `sks`. The delayed operation on the `mclist` entry remains within the RTNL.

Reserved 2025-04-16 | Published 2025-07-03 | Updated 2025-07-03 | Assigner Linux

Product status

Default status
unaffected

ad7c7b2172c388818a111455643491d75f535e90 before 2dd4781c5af99415ebbd2f7cc763feb109863c05
affected

ad7c7b2172c388818a111455643491d75f535e90 before d8d85ef0a631df9127f202e6371bb33a0b589952
affected

Default status
affected

6.15
affected

Any version before 6.15
unaffected

6.15.3
unaffected

6.16-rc1
unaffected

References

git.kernel.org/...c/2dd4781c5af99415ebbd2f7cc763feb109863c05

git.kernel.org/...c/d8d85ef0a631df9127f202e6371bb33a0b589952

cve.org (CVE-2025-38150)

nvd.nist.gov (CVE-2025-38150)

Download JSON

Share this page
https://cve.threatint.eu/CVE/CVE-2025-38150

Support options

Helpdesk Chat, Email, Knowledgebase