Linux Kernel e1000 Driver Deadlock Vulnerability

Vulnerability

A deadlock vulnerability has been identified in the Linux kernel's e1000 network driver. The issue arises when the e1000_down function calls cancel_work_sync to halt the e1000 reset task, while holding the RTNL (Route Netlink) lock. This can lead to a deadlock situation, as the e1000_reset_task function, which requires the RTNL lock, cannot proceed while the lock is held by e1000_down. To resolve this issue, the call to cancel_work_sync has been moved to when the device is being removed, ensuring that the reset task is properly managed without causing a deadlock.

Impact

Exploitation of this vulnerability can lead to a deadlock condition, causing the system to hang and potentially disrupting network operations.

Added: Jul 3, 2025, 11:10 AM

Updated: Jul 3, 2025, 11:10 AM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.0

remediation

7.7

relevance

0.2

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.0

remediation

7.7

relevance

0.2

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel e1000 Driver Deadlock Vulnerability

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating