VYPR
← All advisories
Unrated severityNVD Advisory· Published Dec 16, 2025· Updated Apr 15, 2026

CVE-2025-40347

CVE-2025-40347

Description

In the Linux kernel, the following vulnerability has been resolved:

net: enetc: fix the deadlock of enetc_mdio_lock

After applying the workaround for err050089, the LS1028A platform experiences RCU stalls on RT kernel. This issue is caused by the recursive acquisition of the read lock enetc_mdio_lock. Here list some of the call stacks identified under the enetc_poll path that may lead to a deadlock:

enetc_poll -> enetc_lock_mdio -> enetc_clean_rx_ring OR napi_complete_done -> napi_gro_receive -> enetc_start_xmit -> enetc_lock_mdio -> enetc_map_tx_buffs -> enetc_unlock_mdio -> enetc_unlock_mdio

After enetc_poll acquires the read lock, a higher-priority writer attempts to acquire the lock, causing preemption. The writer detects that a read lock is already held and is scheduled out. However, readers under enetc_poll cannot acquire the read lock again because a writer is already waiting, leading to a thread hang.

Currently, the deadlock is avoided by adjusting enetc_lock_mdio to prevent recursive lock acquisition.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

In the Linux kernel, recursive acquisition of enetc_mdio_lock in enetc_poll can cause a deadlock on LS1028A with RT kernel after the err050089 workaround; the fix prevents recursive locking.

Vulnerability

CVE-2025-40347 describes a deadlock in the Linux kernel's enetc network driver. The root cause is the recursive acquisition of the read lock enetc_mdio_lock within the enetc_poll function. After applying a workaround for errata err050089 on the LS1028A platform, the system experienced RCU stalls on RT (real-time) kernels due to this locking flaw [1][2].

Exploitation

Under the enetc_poll path, the driver holds a read lock on enetc_mdio_lock and then may attempt to acquire it again via call chains such as napi_gro_receive -> enetc_start_xmit -> enetc_lock_mdio. If a higher-priority writer is waiting for the lock, the reader cannot reacquire it, causing a thread hang and eventual deadlock. This condition occurs during normal packet processing and does not require any special attacker access [1][2].

Impact

An attacker able to trigger sufficient network traffic to invoke the enetc_poll path could cause a kernel deadlock, leading to a denial of service on the affected LS1028A-based systems. The vulnerability is specific to configurations that include the err050089 workaround combined with a real-time kernel [1][2].

Mitigation

The fix, already applied in the kernel stable tree, modifies enetc_lock_mdio to avoid recursive lock acquisition. Users should update to a kernel version containing commit 50bd33f6b3922a6b760aa30d409cae891cec8fb5 or later [1][2].

References
  1. Making sure you're not a bot!
  2. Making sure you're not a bot!

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2

Patches

4
2781ca82ce8c
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit
1f92f5bd057a
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit
2e55a49dc3b2
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit
50bd33f6b392
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

4

News mentions

0

No linked articles in our index yet.