🛡️ UBUNTU-CVE-2025-21986
⚪ Unknown ✅ No Known Exploit OSV
N/A
CVSS Score
0 Low4 Medium7 High9 Critical10

Description

In the Linux kernel, the following vulnerability has been resolved: net: switchdev: Convert blocking notification chain to a raw one A blocking notification chain uses a read-write semaphore to protect the integrity of the chain. The semaphore is acquired for writing when adding / removing notifiers to / from the chain and acquired for reading when traversing the chain and informing notifiers about an event. In case of the blocking switchdev notification chain, recursive notifications are possible which leads to the semaphore being acquired twice for reading and to lockdep warnings being generated [1]. Specifically, this can happen when the bridge driver processes a SWITCHDEV_BRPORT_UNOFFLOADED event which causes it to emit notifications about deferred events when calling switchdev_deferred_process(). Fix this by converting the notification chain to a raw notification chain in a similar fashion to the netdev notification chain. Protect the chain using the RTNL mutex by acquiring it when modifying the chain. Events are always informed under the RTNL mutex, but add an assertion in call_switchdev_blocking_notifiers() to make sure this is not violated in the future. Maintain the "blocking" prefix as events are always emitted from process context and listeners are allowed to block. [1]: WARNING: possible recursive locking detected 6.14.0-rc4-custom-g079270089484 #1 Not tainted -------------------------------------------- ip/52731 is trying to acquire lock: ffffffff850918d8 ((switchdev_blocking_notif_chain).rwsem){++++}-{4:4}, at: blocking_notifier_call_chain+0x58/0xa0 but task is already holding lock: ffffffff850918d8 ((switchdev_blocking_notif_chain).rwsem){++++}-{4:4}, at: blocking_notifier_call_chain+0x58/0xa0 other info that might help us debug this: Possible unsafe locking scenario: CPU0 ---- lock((switchdev_blocking_notif_chain).rwsem); lock((switchdev_blocking_notif_chain).rwsem); *** DEADLOCK *** May be due to missing lock nesting notation 3 locks held by ip/52731: #0: ffffffff84f795b0 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x727/0x1dc0 #1: ffffffff8731f628 (&net->rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x790/0x1dc0 #2: ffffffff850918d8 ((switchdev_blocking_notif_chain).rwsem){++++}-{4:4}, at: blocking_notifier_call_chain+0x58/0xa0 stack backtrace: ... ? __pfx_down_read+0x10/0x10 ? __pfx_mark_lock+0x10/0x10 ? __pfx_switchdev_port_attr_set_deferred+0x10/0x10 blocking_notifier_call_chain+0x58/0xa0 switchdev_port_attr_notify.constprop.0+0xb3/0x1b0 ? __pfx_switchdev_port_attr_notify.constprop.0+0x10/0x10 ? mark_held_locks+0x94/0xe0 ? switchdev_deferred_process+0x11a/0x340 switchdev_port_attr_set_deferred+0x27/0xd0 switchdev_deferred_process+0x164/0x340 br_switchdev_port_unoffload+0xc8/0x100 [bridge] br_switchdev_blocking_event+0x29f/0x580 [bridge] notifier_call_chain+0xa2/0x440 blocking_notifier_call_chain+0x6e/0xa0 switchdev_bridge_port_unoffload+0xde/0x1a0 ...

Details

Severity Unknown
CVSS Score N/A
CVSS Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE N/A
Public Exploit ✅ No
Source OSV
Published 2025-04-01
Updated 2026-06-15
Modified 2026-06-08
Fix URL N/A

Affected Packages

Software From version Fixed in
linux 6.8.0-84.84
linux-allwinner-5.19
linux-aws 6.8.0-1039.41
linux-aws-5.0
linux-aws-5.11
linux-aws-5.13
linux-aws-5.15
linux-aws-5.19
linux-aws-5.3
linux-aws-5.4
linux-aws-5.8
linux-aws-6.2
linux-aws-6.5
linux-aws-6.8 6.8.0-1039.41~22.04.1
linux-aws-fips 6.8.0-1039.41+fips1
linux-aws-hwe
linux-azure 6.8.0-1038.44
linux-azure-4.15
linux-azure-5.11
linux-azure-5.13
linux-azure-5.15
linux-azure-5.19
linux-azure-5.3
linux-azure-5.4
linux-azure-5.8
linux-azure-6.11 6.11.0-1018.18~24.04.1
linux-azure-6.2
linux-azure-6.5
linux-azure-6.8 6.8.0-1036.42~22.04.1
linux-azure-edge
linux-azure-fde
linux-azure-fde-5.15
linux-azure-fde-5.19
linux-azure-fde-6.2
linux-azure-fips 6.8.0-1040.46+fips1
linux-azure-nvidia 6.8.0-1025.27
linux-bluefield
linux-fips 6.8.0-84.84+fips1
linux-gcp 6.8.0-1040.42
linux-gcp-4.15
linux-gcp-5.11
linux-gcp-5.13
linux-gcp-5.15
linux-gcp-5.19
linux-gcp-5.3
linux-gcp-5.4
linux-gcp-5.8
linux-gcp-6.11 6.11.0-1016.16~24.04.1
linux-gcp-6.2
linux-gcp-6.5
linux-gcp-6.8 6.8.0-1040.42~22.04.1
linux-gcp-fips 6.8.0-1040.42+fips1
linux-gke 6.8.0-1036.40
linux-gke-4.15
linux-gke-5.15
linux-gke-5.4
linux-gkeop 6.8.0-1023.25
linux-gkeop-5.15
linux-gkeop-5.4
linux-hwe
linux-hwe-5.11
linux-hwe-5.13
linux-hwe-5.15
linux-hwe-5.19
linux-hwe-5.4
linux-hwe-5.8
linux-hwe-6.11 6.11.0-28.28~24.04.1
linux-hwe-6.2
linux-hwe-6.5
linux-hwe-6.8 6.8.0-85.85~22.04.1
linux-hwe-edge
linux-ibm 6.8.0-1037.37
linux-ibm-5.15
linux-ibm-5.4
linux-ibm-6.8 6.8.0-1037.37~22.04.1
linux-intel
linux-intel-5.13
linux-intel-iot-realtime
linux-intel-iotg
linux-intel-iotg-5.15
linux-iot
linux-kvm
linux-lowlatency 6.8.0-84.84.1
linux-lowlatency-hwe-5.15
linux-lowlatency-hwe-5.19
linux-lowlatency-hwe-6.11 6.11.0-1015.16~24.04.2
linux-lowlatency-hwe-6.2
linux-lowlatency-hwe-6.5
linux-lowlatency-hwe-6.8 6.8.0-84.84.1~22.04.1
linux-lts-xenial
linux-nvidia 6.8.0-1039.42
linux-nvidia-6.11 6.11.0-1012.12
linux-nvidia-6.2
linux-nvidia-6.5
linux-nvidia-6.8 6.8.0-1039.42~22.04.1
linux-nvidia-lowlatency 6.8.0-1039.42.1
linux-nvidia-tegra 6.8.0-1010.10
linux-nvidia-tegra-5.15
linux-nvidia-tegra-igx
linux-oem
linux-oem-5.10
linux-oem-5.13
linux-oem-5.14
linux-oem-5.17
linux-oem-5.6
linux-oem-6.0
linux-oem-6.1
linux-oem-6.11 6.11.0-1024.24
linux-oem-6.5
linux-oem-6.8
linux-oracle 6.8.0-1037.38
linux-oracle-5.0
linux-oracle-5.11
linux-oracle-5.13
linux-oracle-5.15
linux-oracle-5.3
linux-oracle-5.4
linux-oracle-5.8
linux-oracle-6.5
linux-oracle-6.8 6.8.0-1037.38~22.04.1
linux-raspi 6.8.0-1039.43
linux-raspi-5.4
linux-raspi-realtime 6.8.0-2030.31
linux-raspi2
linux-realtime 6.8.1-1034.35
linux-realtime-6.8 6.8.1-1034.35~22.04.1
linux-riscv
linux-riscv-5.11
linux-riscv-5.15
linux-riscv-5.19
linux-riscv-5.8
linux-riscv-6.5
linux-riscv-6.8 6.8.0-84.84~22.04.1
linux-starfive-5.19
linux-starfive-6.2
linux-starfive-6.5
linux-xilinx 6.8.0-1018.19
linux-xilinx-zynqmp

References

Similar Threats

Site Security Check

Concerned your site may already be targeted?

BotEraser analyzes incoming traffic patterns and helps identify bot behavior consistent with known exploit attempts.

Check My Site Free →

No credit card required  ·  Results in minutes

ⓘ Data Notice: The information presented above has been compiled from publicly available internet sources. Boteraser aggregates this data solely for informational purposes and does not independently classify, evaluate, or endorse any findings about the vulnerabilities listed. The accuracy and completeness of this information is the sole responsibility of the original publishers. Boteraser and its operators accept no liability for any decisions made based on this data.