Acknowledged
Created: Jul 10, 2025
Updated: Jul 14, 2025
Found In Version: 10.23.30.1
Severity: Standard
Applicable for: Wind River Linux LTS 23
Component/s: Kernel
In the Linux kernel, the following vulnerability has been resolved:

ptp: remove ptp->n_vclocks check logic in ptp_vclock_in_use()

There is no disagreement that we should check both ptp->is_virtual_clock
and ptp->n_vclocks to check if the ptp virtual clock is in use.

However, when we acquire ptp->n_vclocks_mux to read ptp->n_vclocks in
ptp_vclock_in_use(), we observe a recursive lock in the call trace
starting from n_vclocks_store().

============================================
WARNING: possible recursive locking detected
6.15.0-rc6 #1 Not tainted
--------------------------------------------
syz.0.1540/13807 is trying to acquire lock:
ffff888035a24868 (&ptp->n_vclocks_mux){+.+.}-{4:4}, at:
 ptp_vclock_in_use drivers/ptp/ptp_private.h:103 [inline]
ffff888035a24868 (&ptp->n_vclocks_mux){+.+.}-{4:4}, at:
 ptp_clock_unregister+0x21/0x250 drivers/ptp/ptp_clock.c:415

but task is already holding lock:
ffff888030704868 (&ptp->n_vclocks_mux){+.+.}-{4:4}, at:
 n_vclocks_store+0xf1/0x6d0 drivers/ptp/ptp_sysfs.c:215

other info that might help us debug this:
 Possible unsafe locking scenario:

 CPU0
 ----
 lock(&ptp->n_vclocks_mux);
 lock(&ptp->n_vclocks_mux);

 *** DEADLOCK ***
....
============================================

The best way to solve this is to remove the logic that checks
ptp->n_vclocks in ptp_vclock_in_use().

The reason why this is appropriate is that any path that uses
ptp->n_vclocks must unconditionally check if ptp->n_vclocks is greater
than 0 before unregistering vclocks, and all functions are already
written this way. And in the function that uses ptp->n_vclocks, we
already get ptp->n_vclocks_mux before unregistering vclocks.

Therefore, we need to remove the redundant check for ptp->n_vclocks in
ptp_vclock_in_use() to prevent recursive locking.
CREATE(Triage):(User=admin) [CVE-2025-38305 (https://nvd.nist.gov/vuln/detail/CVE-2025-38305)
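
A simplified userspace model of the locking pattern described in the commit message above, added here as an illustration and not taken from the kernel or from Wind River. The struct fields and function names follow the commit message; the function bodies, the class-depth counter standing in for the lock checker, and the teardown loop are assumptions.

```c
#include <stdbool.h>
#include <stdio.h>

struct ptp_clock {              /* model only, not the kernel struct */
    bool is_virtual_clock;
    int  n_vclocks;
    bool mux_held;              /* stands in for n_vclocks_mux */
};

static int class_depth;         /* n_vclocks_mux-class locks held by this task */
static int recursive_reports;   /* nested same-class acquisitions observed */

static void mux_lock(struct ptp_clock *ptp)
{
    if (class_depth > 0)        /* keyed on lock class, not on the instance */
        recursive_reports++;
    class_depth++;
    ptp->mux_held = true;
}

static void mux_unlock(struct ptp_clock *ptp)
{
    ptp->mux_held = false;
    class_depth--;
}

/* Before the fix (assumed shape): n_vclocks is read under the mutex. */
static bool in_use_before(struct ptp_clock *ptp)
{
    mux_lock(ptp);
    bool in_use = !ptp->is_virtual_clock && ptp->n_vclocks > 0;
    mux_unlock(ptp);
    return in_use;
}

/* After the fix (assumed shape): no n_vclocks check, so no lock is taken. */
static bool in_use_after(struct ptp_clock *ptp)
{
    return !ptp->is_virtual_clock;
}

/* Models n_vclocks_store() unregistering vclocks with the parent mutex held.
 * Returns how many recursive-locking reports the teardown produced. */
static int store_teardown(bool (*in_use)(struct ptp_clock *))
{
    struct ptp_clock parent = { .is_virtual_clock = false, .n_vclocks = 2 };
    struct ptp_clock vclock = { .is_virtual_clock = true };

    class_depth = 0;
    recursive_reports = 0;
    mux_lock(&parent);
    while (parent.n_vclocks > 0) {      /* caller checks n_vclocks > 0 itself */
        (void)in_use(&vclock);          /* ptp_clock_unregister() path */
        parent.n_vclocks--;
    }
    mux_unlock(&parent);
    return recursive_reports;
}

int main(void)
{
    printf("reports before fix: %d\n", store_teardown(in_use_before));
    printf("reports after fix:  %d\n", store_teardown(in_use_after));
    return 0;
}
```

The two lock addresses in the trace differ, which is why the model counts acquisitions per lock class rather than per instance.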