CVE-2025-22053: net: ibmveth: make veth_pool_store stop hanging
Description
In the Linux kernel, the following vulnerability has been resolved:
net: ibmveth: make veth_pool_store stop hanging
v2:
- Created a single error handling unlock and exit in veth_pool_store
- Greatly expanded commit message with previous explanatory-only text
Summary: Use rtnl_mutex to synchronize veth_pool_store with itself,
ibmveth_close and ibmveth_open, preventing multiple calls in a row to
napi_disable.
Background: Two (or more) threads could call veth_pool_store through
writing to /sys/devices/vio/30000002/pool*/*. You can do this easily
with a little shell script. This causes a hang.
I configured LOCKDEP, compiled ibmveth.c with DEBUG, and built a new
kernel. I ran this test again and saw:
Setting pool0/active to 0
Setting pool1/active to 1
[ 73.911067][ T4365] ibmveth 30000002 eth0: close starting
Setting pool1/active to 1
Setting pool1/active to 0
[ 73.911367][ T4366] ibmveth 30000002 eth0: close starting
[ 73.916056][ T4365] ibmveth 30000002 eth0: close complete
[ 73.916064][ T4365] ibmveth 30000002 eth0: open starting
[ 110.808564][ T712] systemd-journald[712]: Sent WATCHDOG=1 notification.
[ 230.808495][ T712] systemd-journald[712]: Sent WATCHDOG=1 notification.
[ 243.683786][ T123] INFO: task stress.sh:4365 blocked for more than 122 seconds.
[ 243.683827][ T123] Not tainted 6.14.0-01103-g2df0c02dab82-dirty #8
[ 243.683833][ T123] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" ...
Classification
CVE ID: CVE-2025-22053
Affected Products
Vendor: Linux
Product: Linux, Linux
Exploit Prediction Scoring System (EPSS)
EPSS Score: 0.02% (probability of being exploited)
EPSS Percentile: 3.07% (scored less or equal to compared to others)
EPSS Date: 2025-04-20 (when was this score calculated)
References
https://nvd.nist.gov/vuln/detail/CVE-2025-22053https://git.kernel.org/stable/c/1e458c292f4c687dcf5aad32dd4836d03cd2191f
https://git.kernel.org/stable/c/8a88bb092f4208355880b9fdcc69d491aa297595
https://git.kernel.org/stable/c/86cc70f5c85dc09bf7f3e1eee380eefe73c90765
https://git.kernel.org/stable/c/0a2470e3ecde64fc7e3781dc474923193621ae67
https://git.kernel.org/stable/c/053f3ff67d7feefc75797863f3d84b47ad47086f