Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A deadlock vulnerability has been identified in the Linux kernel's PCI subsystem, specifically within the SR-IOV (Single Root I/O Virtualization) configuration process. The sysfs 'sriov_numvfs_store' function acquires the device lock before the configuration space access lock, whereas 'pci_dev_lock' acquires the two locks in the opposite order and then waits for the device lock. When the two paths run at the same time, each can hold the lock the other is waiting for, creating a circular dependency.
Exploitation of this vulnerability can lead to a deadlock situation, causing the system to hang or become unresponsive while waiting for locks to be released.
The vulnerability has been addressed by reversing the order in which 'pci_dev_lock' acquires the locks, so that the device lock is obtained before the configuration space access lock, the same order that 'sriov_numvfs_store' uses. Users should apply the latest patches available in the Linux kernel to mitigate this issue.
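The lock ordering described above can be checked mechanically. The following is an added example, not kernel code: a minimal user-space lock-order graph that flags the inversion between the two paths before the fix and confirms a consistent order after it. The function names (record_path, reaches, paths_can_deadlock) are hypothetical; only the two lock classes and their acquisition orders come from the description.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Lock classes named in the description; the checker itself is illustrative. */
enum { DEVICE_LOCK, CFG_ACCESS_LOCK, NLOCKS };
/* order[a][b] is true when some path acquired b while already holding a. */
static bool order[NLOCKS][NLOCKS];

/* Record every "held -> acquired" pair of one path's acquisition sequence. */
static void record_path(const int *seq, int n) {
    for (int i = 0; i < n; i++)
        for (int j = i + 1; j < n; j++)
            order[seq[i]][seq[j]] = true;
}

/* Depth-first search: is lock 'to' reachable from 'from' in the order graph? */
static bool reaches(int from, int to, bool *seen) {
    if (from == to) return true;
    seen[from] = true;
    for (int k = 0; k < NLOCKS; k++)
        if (order[from][k] && !seen[k] && reaches(k, to, seen))
            return true;
    return false;
}

/* True when the two paths form a cycle in the order graph (possible deadlock). */
bool paths_can_deadlock(bool pci_dev_lock_fixed) {
    static const int sriov_store[]  = { DEVICE_LOCK, CFG_ACCESS_LOCK };
    static const int dev_lock_old[] = { CFG_ACCESS_LOCK, DEVICE_LOCK };
    static const int dev_lock_new[] = { DEVICE_LOCK, CFG_ACCESS_LOCK };
    memset(order, 0, sizeof order);
    record_path(sriov_store, 2);
    record_path(pci_dev_lock_fixed ? dev_lock_new : dev_lock_old, 2);
    for (int a = 0; a < NLOCKS; a++)
        for (int b = 0; b < NLOCKS; b++) {
            bool seen[NLOCKS] = { false };
            if (order[a][b] && reaches(b, a, seen))
                return true;   /* b is taken under a, and a under b */
        }
    return false;
}

int main(void) {
    printf("before fix: %d, after fix: %d\n",
           paths_can_deadlock(false), paths_can_deadlock(true));
    return 0;
}
```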