Linux Kernel virtio_ring Data Race Vulnerability

Vulnerability

A data race vulnerability has been identified in the Linux kernel's virtio_ring implementation. This issue arises when the event_triggered variable is accessed concurrently by different tasks, leading to inconsistent states. The race condition occurs because virtqueue_enable_cb_delayed() can prematurely set event_triggered to false, while virtqueue_disable_cb_split/packed() reads it as false, causing a temporary disruption in interrupt notifications for the driver. The vulnerability affects several versions of the Linux kernel.

Impact

The data race can cause unreliable behavior in the virtio_net driver by disrupting the timing of interrupt notifications, potentially leading to missed or delayed interrupts.

Added: Jun 18, 2025, 11:20 AM

Updated: Jun 18, 2025, 11:20 AM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

0.6

exploitability

3.5

remediation

7.7

relevance

0.2

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

0.6

exploitability

3.5

remediation

7.7

relevance

0.2

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel virtio_ring Data Race Vulnerability

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating