CVE - CVE-2025-38048

CVE-ID
CVE-2025-38048	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
In the Linux kernel, the following vulnerability has been resolved: virtio_ring: Fix data race by tagging event_triggered as racy for KCSAN syzbot reports a data-race when accessing the event_triggered, here is the simplified stack when the issue occurred: ================================================================== BUG: KCSAN: data-race in virtqueue_disable_cb / virtqueue_enable_cb_delayed write to 0xffff8881025bc452 of 1 bytes by task 3288 on cpu 0: virtqueue_enable_cb_delayed+0x42/0x3c0 drivers/virtio/virtio_ring.c:2653 start_xmit+0x230/0x1310 drivers/net/virtio_net.c:3264 __netdev_start_xmit include/linux/netdevice.h:5151 [inline] netdev_start_xmit include/linux/netdevice.h:5160 [inline] xmit_one net/core/dev.c:3800 [inline] read to 0xffff8881025bc452 of 1 bytes by interrupt on cpu 1: virtqueue_disable_cb_split drivers/virtio/virtio_ring.c:880 [inline] virtqueue_disable_cb+0x92/0x180 drivers/virtio/virtio_ring.c:2566 skb_xmit_done+0x5f/0x140 drivers/net/virtio_net.c:777 vring_interrupt+0x161/0x190 drivers/virtio/virtio_ring.c:2715 __handle_irq_event_percpu+0x95/0x490 kernel/irq/handle.c:158 handle_irq_event_percpu kernel/irq/handle.c:193 [inline] value changed: 0x01 -> 0x00 ================================================================== When the data race occurs, the function virtqueue_enable_cb_delayed() sets event_triggered to false, and virtqueue_disable_cb_split/packed() reads it as false due to the race condition. Since event_triggered is an unreliable hint used for optimization, this should only cause the driver temporarily suggest that the device not send an interrupt notification when the event index is used. Fix this KCSAN reported data-race issue by explicitly tagging the access as data_racy.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:https://git.kernel.org/stable/c/02d2d6caee3abc9335cfca35f8eb4492173ae6f2 URL:https://git.kernel.org/stable/c/02d2d6caee3abc9335cfca35f8eb4492173ae6f2 MISC:https://git.kernel.org/stable/c/2e2f925fe737576df2373931c95e1a2b66efdfef URL:https://git.kernel.org/stable/c/2e2f925fe737576df2373931c95e1a2b66efdfef MISC:https://git.kernel.org/stable/c/4ed8f0e808b3fcc71c5b8be7902d8738ed595b17 URL:https://git.kernel.org/stable/c/4ed8f0e808b3fcc71c5b8be7902d8738ed595b17 MISC:https://git.kernel.org/stable/c/b49b5132e4c7307599492aee1cdc6d89f7f2a7da URL:https://git.kernel.org/stable/c/b49b5132e4c7307599492aee1cdc6d89f7f2a7da MISC:https://git.kernel.org/stable/c/b6d6419548286b2b9d2b90df824d3cab797f6ae8 URL:https://git.kernel.org/stable/c/b6d6419548286b2b9d2b90df824d3cab797f6ae8 MISC:https://git.kernel.org/stable/c/b730cb109633c455ce8a7cd6934986c6a16d88d8 URL:https://git.kernel.org/stable/c/b730cb109633c455ce8a7cd6934986c6a16d88d8
Assigning CNA
kernel.org
Date Record Created
20250416	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20250416)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)