Linux Kernel Devlink Region Lock Vulnerability Allows Denial-of-Service

Vulnerability

A denial-of-service vulnerability has been identified in the Linux kernel's devlink component. This issue arises when the netdevsim simulation destroys regions that have pending snapshots, leading to a warning and a stack trace that indicates a locking assertion failure. The vulnerability is present in Linux kernel versions prior to 6.1.0-07460-g7ae9888d6e1c.

Impact

Exploitation of this vulnerability causes a kernel warning and a stack trace, indicating a disruption in the normal operation of the netdevsim component.

Reproduction

The vulnerability can be reproduced by reloading the netdevsim simulation after creating devlink regions with snapshots. The reload process will attempt to destroy the regions, but if snapshots are still pending, it will trigger a warning about the missing lock, demonstrating the issue.
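As an added example (not part of the original advisory or of the kernel project's code), the following Python scans kernel log text for WARNING blocks whose warning site or call trace passes through devlink region teardown, the signature described above, and notes whether netdevsim frames are present. The sample log, its symbol names (devlink_region_snapshot_del, devl_region_destroy, nsim_dev_reload_destroy), the source path and the line number are constructed assumptions modelled on upstream naming, not values from this page.

```python
import re

# Constructed sample kernel log (not from the advisory). Symbol names, source
# path and line number are assumptions modelled on upstream devlink/netdevsim.
SAMPLE_LOG = """\
[  102.345678] ------------[ cut here ]------------
[  102.345690] WARNING: CPU: 1 PID: 4242 at net/core/devlink.c:1234 devlink_region_snapshot_del+0x12e/0x140
[  102.345701] Call Trace:
[  102.345705]  <TASK>
[  102.345710]  devl_region_destroy+0x70/0x140
[  102.345715]  nsim_dev_reload_destroy+0xcd/0x130 [netdevsim]
[  102.345720]  devlink_reload+0x1ab/0x2a0
[  102.345725]  </TASK>
[  102.345730] ---[ end trace 0000000000000000 ]---
[  103.000000] WARNING: CPU: 0 PID: 77 at fs/example.c:10 example_fn+0x10/0x20
[  103.000010] Call Trace:
[  103.000020]  other_fn+0x1/0x2
[  103.000030] ---[ end trace 0000000000000000 ]---
"""

# Header of a kernel WARNING splat: PID, source file, faulting symbol.
WARN_RE = re.compile(r"WARNING: CPU: \d+ PID: (\d+) at (\S+):\d+ (\w+)\+")
# One call-trace frame, with or without a dmesg timestamp or a leading '?'.
FRAME_RE = re.compile(r"(?:\[\s*[\d.]+\]\s*)?\??\s*(\w+)\+0x[0-9a-f]+/0x[0-9a-f]+")
# Assumed naming of devlink region helpers (devlink_region_* / devl_region_*).
REGION_RE = re.compile(r"^devl(?:ink)?_region_")

def find_region_warnings(log_text):
    """Return one dict per WARNING block that touches devlink region code."""
    blocks, current = [], None
    for line in log_text.splitlines():
        warn = WARN_RE.search(line)
        if warn or "end trace" in line:
            # A new splat or an end marker closes the block being collected.
            if current:
                blocks.append(current)
            current = None
            if warn:
                current = {"pid": int(warn.group(1)), "site": warn.group(2),
                           "symbols": [warn.group(3)], "netdevsim": False}
            continue
        frame = FRAME_RE.match(line) if current else None
        if frame:
            current["symbols"].append(frame.group(1))
            current["netdevsim"] |= "[netdevsim]" in line
    if current:
        blocks.append(current)  # log was truncated before the end marker
    return [b for b in blocks if any(REGION_RE.match(s) for s in b["symbols"])]
```

Feed it the output of `dmesg` or `journalctl -k`; a hit with `netdevsim` set to true matches the reload path this advisory describes.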

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been addressed.

Added: Dec 24, 2025, 6:18 PM
Updated: Dec 24, 2025, 6:18 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 5.7
remediation: 7.7
relevance: 1.7
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.