CVE-2025-39908: Uncontrolled Resource Consumption in Linux

Severity: 5.5 MEDIUM (NVD); OSV 5.3
EPSS: 0.0% (top 95.28%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Oct 1

Description

In the Linux kernel, the following vulnerability has been resolved:

net: dev_ioctl: take ops lock in hwtstamp lower paths

ndo hwtstamp callbacks are expected to run under the per-device ops lock. Make the lower get/set paths consistent with the rest of ndo invocations.

Kernel log:
WARNING: CPU: 13 PID: 51364 at ./include/net/netdev_lock.h:70 __netdev_update_features+0x4bd/0xe60
...
RIP: 0010:__netdev_update_features+0x4bd/0xe60
...
Call Trace:
netdev_update_features+0x1f/0x60
mlx5_hwtstamp_s

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 1.8 | Impact: 3.6

Affected Packages (12 packages)

NVD | linux/linux_kernel | 6.15 | 6.16.8 | +1
Debian | linux/linux_kernel | < 6.16.8-1
CVEListV5 | linux/linux | ffb7ed19ac0a9fa9ea79af1d7b42c03a10da98a5 | 2d92fa0cdc02291de57f72170e8b60cef0cf5372 | +2
debian | debian/linux | < linux 6.16.8-1 (forky)

Patches

Vulnerability Details (3)

OSV | 2025-10-01 | CVE-2025-39908: In the Linux kernel, the following vulnerability has been resolved: net: dev_ioctl: take ops lock in hwtstamp lower paths ndo hwtstamp callbacks are e
GHSA | 2025-10-01 | GHSA-qf93-q7mq-9vv4: In the Linux kernel, the following vulnerability has been resolved: net: dev_ioctl: take ops lock in hwtstamp lower paths ndo hwtstamp callbacks are
OSV | 2025-04-07 | ruby2.7, ruby3.0, ruby3.2, ruby3.3 vulnerabilities

Vendor Advisories (3)

Red Hat | 2025-10-01 | kernel: net: dev_ioctl: take ops lock in hwtstamp lower paths
Debian | 2025 | CVE-2025-39908: linux - In the Linux kernel, the following vulnerability has been resolved: net: dev_io...
Microsoft | 2024-07-09 | Denial of service in REXML