{
  "threat_severity" : "Important",
  "public_date" : "2025-12-16T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: net: enetc: fix the deadlock of enetc_mdio_lock",
    "id" : "2422720",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2422720"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
    "status" : "draft"
  },
  "cwe" : "CWE-764",
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nnet: enetc: fix the deadlock of enetc_mdio_lock\nAfter applying the workaround for err050089, the LS1028A platform\nexperiences RCU stalls on the RT kernel. This issue is caused by the\nrecursive acquisition of the read lock enetc_mdio_lock. Listed here are some\nof the call stacks identified under the enetc_poll path that may lead to\na deadlock:\nenetc_poll\n-> enetc_lock_mdio\n-> enetc_clean_rx_ring OR napi_complete_done\n-> napi_gro_receive\n-> enetc_start_xmit\n-> enetc_lock_mdio\n-> enetc_map_tx_buffs\n-> enetc_unlock_mdio\n-> enetc_unlock_mdio\nAfter enetc_poll acquires the read lock, a higher-priority writer attempts\nto acquire the lock, causing preemption. The writer detects that a\nread lock is already held and is scheduled out. However, readers under\nenetc_poll cannot acquire the read lock again because a writer is already\nwaiting, leading to a thread hang.\nCurrently, the deadlock is avoided by adjusting enetc_lock_mdio to prevent\nrecursive lock acquisition.", "A deadlock vulnerability was found in the NXP ENETC network driver in the Linux kernel. On RT kernels with the err050089 workaround, recursive acquisition of enetc_mdio_lock occurs when the TX path is invoked from within the RX NAPI poll context. This causes RCU stalls and system hangs." ],
  "statement" : "This specifically affects NXP LS1028A platforms running RT (PREEMPT_RT) kernels. Standard kernels and other platforms are unaffected. The deadlock causes a complete system hang.",
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  }, {
    "product_name" : "Red Hat In-Vehicle Operating System 1",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:rhivos:1"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2025-40347\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-40347\nhttps://lore.kernel.org/linux-cve-announce/2025121634-CVE-2025-40347-275c@gregkh/T" ],
  "name" : "CVE-2025-40347",
  "csaw" : false
}