Linux Kernel Broadcom bnxt_en Driver Lock Dependency Vulnerability

Vulnerability

A lock dependency issue has been identified in the Linux kernel's Broadcom bnxt_en Ethernet driver. This vulnerability arises from the improper handling of network device locks during the removal of the driver, which can lead to warnings and potential instability. The issue is present in several versions of the Linux kernel, including 6.16.0.

Impact

The vulnerability can cause lock dependency warnings, indicating potential issues with driver removal and network device management.

Reproduction

The vulnerability can be reproduced by removing the bnxt_en driver module using the 'rmmod' command. This action triggers a lock dependency warning because the 'bnxt_free_ntp_fltrs' function expects the network device lock to be held, but the device has already been unregistered during the driver removal process.
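
To check collected kernel logs for this condition, the following added example (not part of the original advisory) counts kernel WARNING blocks that name 'bnxt_free_ntp_fltrs'. The function names and the sample log are constructed for illustration, and the script assumes the warning is logged as a standard kernel WARNING block bracketed by "cut here" and "end trace" markers.

```shell
#!/bin/sh
# Added example: count kernel WARNING blocks that name bnxt_free_ntp_fltrs.
# Reads kernel log text on stdin (for instance the output of dmesg).
# Assumption: the warning is a standard WARN block between the
# "[ cut here ]" and "[ end trace" marker lines.
count_bnxt_lock_warnings() {
    awk '
        /\[ cut here \]/ { in_blk = 1; warn = 0; hit = 0; next }
        in_blk && /WARNING:/            { warn = 1 }
        in_blk && /bnxt_free_ntp_fltrs/ { hit = 1 }
        in_blk && /\[ end trace/ {
            # Count only blocks that are warnings AND name the function.
            if (warn && hit) n++
            in_blk = 0
        }
        END { print n + 0 }
    '
}

# Constructed sample log, not captured from a real system. File, line,
# offsets, PIDs and timestamps are placeholders.
sample_log() {
    cat <<'EOF'
[  101.000001] bnxt_en 0000:01:00.0 eth0: constructed informational line
[  101.000100] ------------[ cut here ]------------
[  101.000101] WARNING: CPU: 0 PID: 100 at <file>:<line> bnxt_free_ntp_fltrs+0x0/0x0 [bnxt_en]
[  101.000102] Call Trace:
[  101.000103]  bnxt_free_ntp_fltrs+0x0/0x0 [bnxt_en]
[  101.000104] ---[ end trace 0000000000000000 ]---
[  202.000100] ------------[ cut here ]------------
[  202.000101] WARNING: CPU: 1 PID: 200 at <file>:<line> other_func+0x0/0x0 [other_mod]
[  202.000102] ---[ end trace 0000000000000000 ]---
[  303.000001] constructed line naming bnxt_free_ntp_fltrs outside any warning
EOF
}

# Demo on the constructed sample: only the first block matches.
sample_log | count_bnxt_lock_warnings
```

On a host, pipe the kernel log into the function instead of the sample, for example `dmesg | count_bnxt_lock_warnings`; a non-zero count after a module unload indicates the unpatched code path was hit.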

Remediation

Users can apply the latest patches available in the Linux kernel stable tree to address this vulnerability.

Added: Sep 11, 2025, 6:07 PM
Updated: Sep 11, 2025, 6:07 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 4.3
remediation: 7.7
relevance: 0.5
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.