FKIE_CVE-2025-40219

Vulnerability from fkie_nvd - Published: 2025-12-04 15:15 - Updated: 2026-06-17 09:21
Severity
Summary
In the Linux kernel, the following vulnerability has been resolved: PCI/IOV: Fix race between SR-IOV enable/disable and hotplug Commit 05703271c3cd ("PCI/IOV: Add PCI rescan-remove locking when enabling/disabling SR-IOV") tried to fix a race between the VF removal inside sriov_del_vfs() and concurrent hot unplug by taking the PCI rescan/remove lock in sriov_del_vfs(). Similarly the PCI rescan/remove lock was also taken in sriov_add_vfs() to protect addition of VFs. This approach however causes deadlock on trying to remove PFs with SR-IOV enabled because PFs disable SR-IOV during removal and this removal happens under the PCI rescan/remove lock. So the original fix had to be reverted. Instead of taking the PCI rescan/remove lock in sriov_add_vfs() and sriov_del_vfs(), fix the race that occurs with SR-IOV enable and disable vs hotplug higher up in the callchain by taking the lock in sriov_numvfs_store() before calling into the driver's sriov_configure() callback.
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/1047ca2d816994f31e1475e63e0c0b7825599747
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/3cddde484471c602bea04e6f384819d336a1ff84
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/7c37920c96b85ef4255a7acc795e99e63dd38d59
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/97c18f074ff1c12d016a0753072a3afdfa0b9611
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/a5338e365c4559d7b4d7356116b0eb95b12e08d5
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/bea1d373098b22d7142da48750ce5526096425bc
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/d7673ac466eca37ec3e6b7cc9ccdb06de3304e9b
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/f3015627b6e9ddf85cfeaf42405b3c194dde2c36
Impacted products
Vendor Product Version
To clipboard 

{
  "affected": [
    {
      "affectedData": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/pci/iov.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "3cddde484471c602bea04e6f384819d336a1ff84",
              "status": "affected",
              "version": "18f9e9d150fccfa747875df6f0a9f606740762b3",
              "versionType": "git"
            },
            {
              "lessThan": "d7673ac466eca37ec3e6b7cc9ccdb06de3304e9b",
              "status": "affected",
              "version": "18f9e9d150fccfa747875df6f0a9f606740762b3",
              "versionType": "git"
            },
            {
              "lessThan": "7c37920c96b85ef4255a7acc795e99e63dd38d59",
              "status": "affected",
              "version": "18f9e9d150fccfa747875df6f0a9f606740762b3",
              "versionType": "git"
            },
            {
              "lessThan": "1047ca2d816994f31e1475e63e0c0b7825599747",
              "status": "affected",
              "version": "18f9e9d150fccfa747875df6f0a9f606740762b3",
              "versionType": "git"
            },
            {
              "lessThan": "97c18f074ff1c12d016a0753072a3afdfa0b9611",
              "status": "affected",
              "version": "18f9e9d150fccfa747875df6f0a9f606740762b3",
              "versionType": "git"
            },
            {
              "lessThan": "bea1d373098b22d7142da48750ce5526096425bc",
              "status": "affected",
              "version": "18f9e9d150fccfa747875df6f0a9f606740762b3",
              "versionType": "git"
            },
            {
              "lessThan": "f3015627b6e9ddf85cfeaf42405b3c194dde2c36",
              "status": "affected",
              "version": "18f9e9d150fccfa747875df6f0a9f606740762b3",
              "versionType": "git"
            },
            {
              "lessThan": "a5338e365c4559d7b4d7356116b0eb95b12e08d5",
              "status": "affected",
              "version": "18f9e9d150fccfa747875df6f0a9f606740762b3",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/pci/iov.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "lessThan": "5.0",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.252",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.202",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.165",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.128",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.75",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.18.*",
              "status": "unaffected",
              "version": "6.18.16",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.19.*",
              "status": "unaffected",
              "version": "6.19.6",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "7.0",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI/IOV: Fix race between SR-IOV enable/disable and hotplug\n\nCommit 05703271c3cd (\"PCI/IOV: Add PCI rescan-remove locking when\nenabling/disabling SR-IOV\") tried to fix a race between the VF removal\ninside sriov_del_vfs() and concurrent hot unplug by taking the PCI\nrescan/remove lock in sriov_del_vfs(). Similarly the PCI rescan/remove lock\nwas also taken in sriov_add_vfs() to protect addition of VFs.\n\nThis approach however causes deadlock on trying to remove PFs with SR-IOV\nenabled because PFs disable SR-IOV during removal and this removal happens\nunder the PCI rescan/remove lock. So the original fix had to be reverted.\n\nInstead of taking the PCI rescan/remove lock in sriov_add_vfs() and\nsriov_del_vfs(), fix the race that occurs with SR-IOV enable and disable vs\nhotplug higher up in the callchain by taking the lock in\nsriov_numvfs_store() before calling into the driver\u0027s sriov_configure()\ncallback."
    }
  ],
  "id": "CVE-2025-40219",
  "lastModified": "2026-06-17T09:21:28.670",
  "metrics": {},
  "published": "2025-12-04T15:15:57.790",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/1047ca2d816994f31e1475e63e0c0b7825599747"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/3cddde484471c602bea04e6f384819d336a1ff84"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/7c37920c96b85ef4255a7acc795e99e63dd38d59"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/97c18f074ff1c12d016a0753072a3afdfa0b9611"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/a5338e365c4559d7b4d7356116b0eb95b12e08d5"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/bea1d373098b22d7142da48750ce5526096425bc"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/d7673ac466eca37ec3e6b7cc9ccdb06de3304e9b"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/f3015627b6e9ddf85cfeaf42405b3c194dde2c36"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Deferred"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.





Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Detection rules are retrieved from Rulezet.