{"id":"CVE-2025-40231","summary":"vsock: fix lock inversion in vsock_assign_transport()","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nvsock: fix lock inversion in vsock_assign_transport()\n\nSyzbot reported a potential lock inversion deadlock between\nvsock_register_mutex and sk_lock-AF_VSOCK when vsock_linger() is called.\n\nThe issue was introduced by commit 687aa0c5581b (\"vsock: Fix\ntransport_* TOCTOU\") which added vsock_register_mutex locking in\nvsock_assign_transport() around the transport-\u003erelease() call, that can\ncall vsock_linger(). vsock_assign_transport() can be called with sk_lock\nheld. vsock_linger() calls sk_wait_event() that temporarily releases and\nre-acquires sk_lock. During this window, if another thread holds\nvsock_register_mutex while trying to acquire sk_lock, a circular\ndependency is created.\n\nFix this by releasing vsock_register_mutex before calling\ntransport-\u003erelease() and vsock_deassign_transport(). This is safe\nbecause we don't need to hold vsock_register_mutex while releasing the\nold transport, and we ensure the new transport won't disappear by\nobtaining a module reference first via 
try_module_get().","modified":"2026-04-02T12:48:20.124156Z","published":"2025-12-04T15:31:22.199Z","related":["SUSE-SU-2026:0278-1","SUSE-SU-2026:0281-1","SUSE-SU-2026:0315-1","SUSE-SU-2026:20207-1","SUSE-SU-2026:20220-1","SUSE-SU-2026:20228-1","SUSE-SU-2026:20477-1","SUSE-SU-2026:20498-1","SUSE-SU-2026:20845-1","SUSE-SU-2026:20876-1","openSUSE-SU-2026:20145-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/40xxx/CVE-2025-40231.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/09bba278ccde25a14b6e5088a9e65a8717d0cccf"},{"type":"WEB","url":"https://git.kernel.org/stable/c/251caee792a21eb0b781aab91362b422c945e162"},{"type":"WEB","url":"https://git.kernel.org/stable/c/42ed0784d11adebf748711e503af0eb9f1e6d81d"},{"type":"WEB","url":"https://git.kernel.org/stable/c/a2a4346eea8b4cb75037dbcb20b98cb454324f80"},{"type":"WEB","url":"https://git.kernel.org/stable/c/b44182c116778feaa05da52a426aeb9da1878dcf"},{"type":"WEB","url":"https://git.kernel.org/stable/c/ce4f856c64f0bc30e29302a0ce41f4295ca391c5"},{"type":"WEB","url":"https://git.kernel.org/stable/c/f7c877e7535260cc7a21484c994e8ce7e8cb6780"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/40xxx/CVE-2025-40231.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-40231"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"8667e8d0eb46bc54fdae30ba2f4786407d3d88eb"},{"fixed":"ce4f856c64f0bc30e29302a0ce41f4295ca391c5"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"36a439049b34cca0b3661276049b84a1f76cc21a"},{"fixed":"09bba278ccde25a14b6e5088a9e65a8717d0cccf"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/g
it/stable/linux.git","events":[{"introduced":"9ce53e744f18e73059d3124070e960f3aa9902bf"},{"fixed":"b44182c116778feaa05da52a426aeb9da1878dcf"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"9d24bb6780282b0255b9929abe5e8f98007e2c6e"},{"fixed":"42ed0784d11adebf748711e503af0eb9f1e6d81d"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"ae2c712ba39c7007de63cb0c75b51ce1caaf1da5"},{"fixed":"251caee792a21eb0b781aab91362b422c945e162"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"687aa0c5581b8d4aa87fd92973e4ee576b550cdf"},{"fixed":"a2a4346eea8b4cb75037dbcb20b98cb454324f80"},{"fixed":"f7c877e7535260cc7a21484c994e8ce7e8cb6780"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"0"},{"last_affected":"7b73bddf54777fb62d4d8c7729d0affe6df04477"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-40231.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.10.246"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.11.0"},{"fixed":"5.15.196"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.16.0"},{"fixed":"6.1.158"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.2.0"},{"fixed":"6.6.115"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.7.0"},{"fixed":"6.12.56"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.13.0"},{"fixed":"6.17.6"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-40231.json"}}],"schema_version":"1.7.5"}