We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2025-38305

ptp: remove ptp->n_vclocks check logic in ptp_vclock_in_use()



Description

In the Linux kernel, the following vulnerability has been resolved: ptp: remove ptp->n_vclocks check logic in ptp_vclock_in_use() There is no disagreement that we should check both ptp->is_virtual_clock and ptp->n_vclocks to check if the ptp virtual clock is in use. However, when we acquire ptp->n_vclocks_mux to read ptp->n_vclocks in ptp_vclock_in_use(), we observe a recursive lock in the call trace starting from n_vclocks_store(). ============================================ WARNING: possible recursive locking detected 6.15.0-rc6 #1 Not tainted -------------------------------------------- syz.0.1540/13807 is trying to acquire lock: ffff888035a24868 (&ptp->n_vclocks_mux){+.+.}-{4:4}, at: ptp_vclock_in_use drivers/ptp/ptp_private.h:103 [inline] ffff888035a24868 (&ptp->n_vclocks_mux){+.+.}-{4:4}, at: ptp_clock_unregister+0x21/0x250 drivers/ptp/ptp_clock.c:415 but task is already holding lock: ffff888030704868 (&ptp->n_vclocks_mux){+.+.}-{4:4}, at: n_vclocks_store+0xf1/0x6d0 drivers/ptp/ptp_sysfs.c:215 other info that might help us debug this: Possible unsafe locking scenario: CPU0 ---- lock(&ptp->n_vclocks_mux); lock(&ptp->n_vclocks_mux); *** DEADLOCK *** .... ============================================ The best way to solve this is to remove the logic that checks ptp->n_vclocks in ptp_vclock_in_use(). The reason why this is appropriate is that any path that uses ptp->n_vclocks must unconditionally check if ptp->n_vclocks is greater than 0 before unregistering vclocks, and all functions are already written this way. And in the function that uses ptp->n_vclocks, we already get ptp->n_vclocks_mux before unregistering vclocks. Therefore, we need to remove the redundant check for ptp->n_vclocks in ptp_vclock_in_use() to prevent recursive locking.

Reserved 2025-04-16 | Published 2025-07-10 | Updated 2025-07-10 | Assigner Linux

Product status

Default status
unaffected

73f37068d540eba5f93ba3a0019bf479d35ebd76 before 5d217e7031a5c06d366580fc6ddbf43527b780d4
affected

73f37068d540eba5f93ba3a0019bf479d35ebd76 before b1b73c452331451020be3bf4b014901015ae6663
affected

73f37068d540eba5f93ba3a0019bf479d35ebd76 before 259119595227fd20f6aa29d85abe086b6fdd9eb1
affected

73f37068d540eba5f93ba3a0019bf479d35ebd76 before b93e6fef4eda48e17d9c642b9abad98a066fd4a3
affected

73f37068d540eba5f93ba3a0019bf479d35ebd76 before ef8fc007c28a30a4c0d90bf755e0f343d99bb392
affected

73f37068d540eba5f93ba3a0019bf479d35ebd76 before 87f7ce260a3c838b49e1dc1ceedf1006795157a2
affected

Default status
affected

5.14
affected

Any version before 5.14
unaffected

5.15.186
unaffected

6.1.142
unaffected

6.6.94
unaffected

6.12.34
unaffected

6.15.3
unaffected

6.16-rc2
unaffected

References

git.kernel.org/...c/5d217e7031a5c06d366580fc6ddbf43527b780d4

git.kernel.org/...c/b1b73c452331451020be3bf4b014901015ae6663

git.kernel.org/...c/259119595227fd20f6aa29d85abe086b6fdd9eb1

git.kernel.org/...c/b93e6fef4eda48e17d9c642b9abad98a066fd4a3

git.kernel.org/...c/ef8fc007c28a30a4c0d90bf755e0f343d99bb392

git.kernel.org/...c/87f7ce260a3c838b49e1dc1ceedf1006795157a2

cve.org (CVE-2025-38305)

nvd.nist.gov (CVE-2025-38305)

Download JSON

Share this page
https://cve.threatint.eu/CVE/CVE-2025-38305

Support options

Helpdesk Chat, Email, Knowledgebase
© Copyright 2025 THREATINT
Made in Cyprus with +
 System status
Find us on
Data Privacy
Terms of Use
Logo BSI Allianz für Cyber-Sicherheit
Error loading Crisp.chat. Please check your web content filter and browser plugins.