{"id":"CVE-2025-38392","summary":"idpf: convert control queue mutex to a spinlock","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nidpf: convert control queue mutex to a spinlock\n\nWith VIRTCHNL2_CAP_MACFILTER enabled, the following warning is generated\non module load:\n\n[  324.701677] BUG: sleeping function called from invalid context at kernel/locking/mutex.c:578\n[  324.701684] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 1582, name: NetworkManager\n[  324.701689] preempt_count: 201, expected: 0\n[  324.701693] RCU nest depth: 0, expected: 0\n[  324.701697] 2 locks held by NetworkManager/1582:\n[  324.701702]  #0: ffffffff9f7be770 (rtnl_mutex){....}-{3:3}, at: rtnl_newlink+0x791/0x21e0\n[  324.701730]  #1: ff1100216c380368 (_xmit_ETHER){....}-{2:2}, at: __dev_open+0x3f0/0x870\n[  324.701749] Preemption disabled at:\n[  324.701752] [\u003cffffffff9cd23b9d\u003e] __dev_open+0x3dd/0x870\n[  324.701765] CPU: 30 UID: 0 PID: 1582 Comm: NetworkManager Not tainted 6.15.0-rc5+ #2 PREEMPT(voluntary)\n[  324.701771] Hardware name: Intel Corporation M50FCP2SBSTD/M50FCP2SBSTD, BIOS SE5C741.86B.01.01.0001.2211140926 11/14/2022\n[  324.701774] Call Trace:\n[  324.701777]  \u003cTASK\u003e\n[  324.701779]  dump_stack_lvl+0x5d/0x80\n[  324.701788]  ? __dev_open+0x3dd/0x870\n[  324.701793]  __might_resched.cold+0x1ef/0x23d\n\u003c..\u003e\n[  324.701818]  __mutex_lock+0x113/0x1b80\n\u003c..\u003e\n[  324.701917]  idpf_ctlq_clean_sq+0xad/0x4b0 [idpf]\n[  324.701935]  ? kasan_save_track+0x14/0x30\n[  324.701941]  idpf_mb_clean+0x143/0x380 [idpf]\n\u003c..\u003e\n[  324.701991]  idpf_send_mb_msg+0x111/0x720 [idpf]\n[  324.702009]  idpf_vc_xn_exec+0x4cc/0x990 [idpf]\n[  324.702021]  ? rcu_is_watching+0x12/0xc0\n[  324.702035]  idpf_add_del_mac_filters+0x3ed/0xb50 [idpf]\n\u003c..\u003e\n[  324.702122]  __hw_addr_sync_dev+0x1cf/0x300\n[  324.702126]  ? find_held_lock+0x32/0x90\n[  324.702134]  idpf_set_rx_mode+0x317/0x390 [idpf]\n[  324.702152]  __dev_open+0x3f8/0x870\n[  324.702159]  ? __pfx___dev_open+0x10/0x10\n[  324.702174]  __dev_change_flags+0x443/0x650\n\u003c..\u003e\n[  324.702208]  netif_change_flags+0x80/0x160\n[  324.702218]  do_setlink.isra.0+0x16a0/0x3960\n\u003c..\u003e\n[  324.702349]  rtnl_newlink+0x12fd/0x21e0\n\nThe sequence is as follows:\n\trtnl_newlink()-\u003e\n\t__dev_change_flags()-\u003e\n\t__dev_open()-\u003e\n\tdev_set_rx_mode() - \u003e  # disables BH and grabs \"dev-\u003eaddr_list_lock\"\n\tidpf_set_rx_mode() -\u003e  # proceed only if VIRTCHNL2_CAP_MACFILTER is ON\n\t__dev_uc_sync() -\u003e\n\tidpf_add_mac_filter -\u003e\n\tidpf_add_del_mac_filters -\u003e\n\tidpf_send_mb_msg() -\u003e\n\tidpf_mb_clean() -\u003e\n\tidpf_ctlq_clean_sq()   # mutex_lock(cq_lock)\n\nFix by converting cq_lock to a spinlock. All operations under the new\nlock are safe except freeing the DMA memory, which may use vunmap(). Fix\nby requesting a contiguous physical memory for the DMA mapping.","modified":"2026-04-02T12:47:57.756883Z","published":"2025-07-25T12:53:37.175Z","related":["ALSA-2025:15429","ALSA-2025:15782","ALSA-2025:15785","ALSA-2025:15786","SUSE-SU-2025:02853-1","SUSE-SU-2025:02923-1","SUSE-SU-2025:02969-1","SUSE-SU-2025:02996-1","SUSE-SU-2025:02997-1","SUSE-SU-2025:03011-1","SUSE-SU-2025:03023-1","SUSE-SU-2025:20577-1","SUSE-SU-2025:20586-1","SUSE-SU-2025:20601-1","SUSE-SU-2025:20602-1","SUSE-SU-2025:21074-1","SUSE-SU-2025:21139-1","SUSE-SU-2025:21179-1","openSUSE-SU-2025:20081-1"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38392.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/9a36715cd6bc6a6f16230e19a7f947bab34b3fe5"},{"type":"WEB","url":"https://git.kernel.org/stable/c/b2beb5bb2cd90d7939e470ed4da468683f41baa3"},{"type":"WEB","url":"https://git.kernel.org/stable/c/dc6c3c2c9dfdaa3a3357f59a80a2904677a71a9a"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38392.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-38392"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"a251eee62133774cf35ff829041377e721ef9c8c"},{"fixed":"9a36715cd6bc6a6f16230e19a7f947bab34b3fe5"},{"fixed":"dc6c3c2c9dfdaa3a3357f59a80a2904677a71a9a"},{"fixed":"b2beb5bb2cd90d7939e470ed4da468683f41baa3"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-38392.json"}}],"schema_version":"1.7.5"}