{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-39831", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-04-16T07:20:57.140Z", "datePublished": "2025-09-16T13:08:48.841Z", "dateUpdated": "2025-09-16T13:08:48.841Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-09-16T13:08:48.841Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbnic: Move phylink resume out of service_task and into open/close\n\nThe fbnic driver was presenting with the following locking assert coming\nout of a PM resume:\n[ 42.208116][ T164] RTNL: assertion failed at drivers/net/phy/phylink.c (2611)\n[ 42.208492][ T164] WARNING: CPU: 1 PID: 164 at drivers/net/phy/phylink.c:2611 phylink_resume+0x190/0x1e0\n[ 42.208872][ T164] Modules linked in:\n[ 42.209140][ T164] CPU: 1 UID: 0 PID: 164 Comm: bash Not tainted 6.17.0-rc2-virtme #134 PREEMPT(full)\n[ 42.209496][ T164] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.17.0-5.fc42 04/01/2014\n[ 42.209861][ T164] RIP: 0010:phylink_resume+0x190/0x1e0\n[ 42.210057][ T164] Code: 83 e5 01 0f 85 b0 fe ff ff c6 05 1c cd 3e 02 01 90 ba 33 0a 00 00 48 c7 c6 20 3a 1d a5 48 c7 c7 e0 3e 1d a5 e8 21 b8 90 fe 90 <0f> 0b 90 90 e9 86 fe ff ff e8 42 ea 1f ff e9 e2 fe ff ff 48 89 ef\n[ 42.210708][ T164] RSP: 0018:ffffc90000affbd8 EFLAGS: 00010296\n[ 42.210983][ T164] RAX: 0000000000000000 RBX: ffff8880078d8400 RCX: 0000000000000000\n[ 42.211235][ T164] RDX: 0000000000000000 RSI: 1ffffffff4f10938 RDI: 0000000000000001\n[ 42.211466][ T164] RBP: 0000000000000000 R08: ffffffffa2ae79ea R09: fffffbfff4b3eb84\n[ 42.211707][ T164] R10: 0000000000000003 R11: 0000000000000000 R12: ffff888007ad8000\n[ 42.211997][ T164] R13: 0000000000000002 R14: ffff888006a18800 R15: ffffffffa34c59e0\n[ 42.212234][ T164] FS: 00007f0dc8e39740(0000) GS:ffff88808f51f000(0000) knlGS:0000000000000000\n[ 42.212505][ T164] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 42.212704][ T164] CR2: 00007f0dc8e9fe10 CR3: 000000000b56d003 CR4: 0000000000772ef0\n[ 42.213227][ T164] PKRU: 55555554\n[ 42.213366][ T164] Call Trace:\n[ 42.213483][ T164] <TASK>\n[ 42.213565][ T164] __fbnic_pm_attach.isra.0+0x8e/0xa0\n[ 42.213725][ T164] pci_reset_function+0x116/0x1d0\n[ 42.213895][ T164] reset_store+0xa0/0x100\n[ 42.214025][ T164] ? pci_dev_reset_attr_is_visible+0x50/0x50\n[ 42.214221][ T164] ? sysfs_file_kobj+0xc1/0x1e0\n[ 42.214374][ T164] ? sysfs_kf_write+0x65/0x160\n[ 42.214526][ T164] kernfs_fop_write_iter+0x2f8/0x4c0\n[ 42.214677][ T164] ? kernfs_vma_page_mkwrite+0x1f0/0x1f0\n[ 42.214836][ T164] new_sync_write+0x308/0x6f0\n[ 42.214987][ T164] ? __lock_acquire+0x34c/0x740\n[ 42.215135][ T164] ? new_sync_read+0x6f0/0x6f0\n[ 42.215288][ T164] ? lock_acquire.part.0+0xbc/0x260\n[ 42.215440][ T164] ? ksys_write+0xff/0x200\n[ 42.215590][ T164] ? perf_trace_sched_switch+0x6d0/0x6d0\n[ 42.215742][ T164] vfs_write+0x65e/0xbb0\n[ 42.215876][ T164] ksys_write+0xff/0x200\n[ 42.215994][ T164] ? __ia32_sys_read+0xc0/0xc0\n[ 42.216141][ T164] ? do_user_addr_fault+0x269/0x9f0\n[ 42.216292][ T164] ? rcu_is_watching+0x15/0xd0\n[ 42.216442][ T164] do_syscall_64+0xbb/0x360\n[ 42.216591][ T164] entry_SYSCALL_64_after_hwframe+0x4b/0x53\n[ 42.216784][ T164] RIP: 0033:0x7f0dc8ea9986\n\nA bit of digging showed that we were invoking the phylink_resume as a part\nof the fbnic_up path when we were enabling the service task while not\nholding the RTNL lock. We should be enabling this sooner as a part of the\nndo_open path and then just letting the service task come online later.\nThis will help to enforce the correct locking and brings the phylink\ninterface online at the same time as the network interface, instead of at a\nlater time.\n\nI tested this on QEMU to verify this was working by putting the system to\nsleep using \"echo mem > /sys/power/state\" to put the system to sleep in the\nguest and then using the command \"system_wakeup\" in the QEMU monitor."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/ethernet/meta/fbnic/fbnic_netdev.c", "drivers/net/ethernet/meta/fbnic/fbnic_pci.c"], "versions": [{"version": "69684376eed517817251ea6a768cfc315350d5c1", "lessThan": "7aab65c62a8a8b48c02e600fe9367b2af662fcb6", "status": "affected", "versionType": "git"}, {"version": "69684376eed517817251ea6a768cfc315350d5c1", "lessThan": "3ac5f54e47eb348a4bc26e600c63b4d778a22e23", "status": "affected", "versionType": "git"}, {"version": "69684376eed517817251ea6a768cfc315350d5c1", "lessThan": "6ede14a2c6365e7e5d855643c7c8390b5268c467", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/ethernet/meta/fbnic/fbnic_netdev.c", "drivers/net/ethernet/meta/fbnic/fbnic_pci.c"], "versions": [{"version": "6.11", "status": "affected"}, {"version": "0", "lessThan": "6.11", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.45", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.16.5", "lessThanOrEqual": "6.16.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.17-rc4", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.11", "versionEndExcluding": "6.12.45"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.11", "versionEndExcluding": "6.16.5"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.11", "versionEndExcluding": "6.17-rc4"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/7aab65c62a8a8b48c02e600fe9367b2af662fcb6"}, {"url": "https://git.kernel.org/stable/c/3ac5f54e47eb348a4bc26e600c63b4d778a22e23"}, {"url": "https://git.kernel.org/stable/c/6ede14a2c6365e7e5d855643c7c8390b5268c467"}], "title": "fbnic: Move phylink resume out of service_task and into open/close", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbnic: Move phylink resume out of service_task and into open/close\n\nThe fbnic driver was presenting with the following locking assert coming\nout of a PM resume:\n[ 42.208116][ T164] RTNL: assertion failed at drivers/net/phy/phylink.c (2611)\n[ 42.208492][ T164] WARNING: CPU: 1 PID: 164 at drivers/net/phy/phylink.c:2611 phylink_resume+0x190/0x1e0\n[ 42.208872][ T164] Modules linked in:\n[ 42.209140][ T164] CPU: 1 UID: 0 PID: 164 Comm: bash Not tainted 6.17.0-rc2-virtme #134 PREEMPT(full)\n[ 42.209496][ T164] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.17.0-5.fc42 04/01/2014\n[ 42.209861][ T164] RIP: 0010:phylink_resume+0x190/0x1e0\n[ 42.210057][ T164] Code: 83 e5 01 0f 85 b0 fe ff ff c6 05 1c cd 3e 02 01 90 ba 33 0a 00 00 48 c7 c6 20 3a 1d a5 48 c7 c7 e0 3e 1d a5 e8 21 b8 90 fe 90 <0f> 0b 90 90 e9 86 fe ff ff e8 42 ea 1f ff e9 e2 fe ff ff 48 89 ef\n[ 42.210708][ T164] RSP: 0018:ffffc90000affbd8 EFLAGS: 00010296\n[ 42.210983][ T164] RAX: 0000000000000000 RBX: ffff8880078d8400 RCX: 0000000000000000\n[ 42.211235][ T164] RDX: 0000000000000000 RSI: 1ffffffff4f10938 RDI: 0000000000000001\n[ 42.211466][ T164] RBP: 0000000000000000 R08: ffffffffa2ae79ea R09: fffffbfff4b3eb84\n[ 42.211707][ T164] R10: 0000000000000003 R11: 0000000000000000 R12: ffff888007ad8000\n[ 42.211997][ T164] R13: 0000000000000002 R14: ffff888006a18800 R15: ffffffffa34c59e0\n[ 42.212234][ T164] FS: 00007f0dc8e39740(0000) GS:ffff88808f51f000(0000) knlGS:0000000000000000\n[ 42.212505][ T164] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 42.212704][ T164] CR2: 00007f0dc8e9fe10 CR3: 000000000b56d003 CR4: 0000000000772ef0\n[ 42.213227][ T164] PKRU: 55555554\n[ 42.213366][ T164] Call Trace:\n[ 42.213483][ T164] <TASK>\n[ 42.213565][ T164] __fbnic_pm_attach.isra.0+0x8e/0xa0\n[ 42.213725][ T164] pci_reset_function+0x116/0x1d0\n[ 42.213895][ T164] reset_store+0xa0/0x100\n[ 42.214025][ T164] ? pci_dev_reset_attr_is_visible+0x50/0x50\n[ 42.214221][ T164] ? sysfs_file_kobj+0xc1/0x1e0\n[ 42.214374][ T164] ? sysfs_kf_write+0x65/0x160\n[ 42.214526][ T164] kernfs_fop_write_iter+0x2f8/0x4c0\n[ 42.214677][ T164] ? kernfs_vma_page_mkwrite+0x1f0/0x1f0\n[ 42.214836][ T164] new_sync_write+0x308/0x6f0\n[ 42.214987][ T164] ? __lock_acquire+0x34c/0x740\n[ 42.215135][ T164] ? new_sync_read+0x6f0/0x6f0\n[ 42.215288][ T164] ? lock_acquire.part.0+0xbc/0x260\n[ 42.215440][ T164] ? ksys_write+0xff/0x200\n[ 42.215590][ T164] ? perf_trace_sched_switch+0x6d0/0x6d0\n[ 42.215742][ T164] vfs_write+0x65e/0xbb0\n[ 42.215876][ T164] ksys_write+0xff/0x200\n[ 42.215994][ T164] ? __ia32_sys_read+0xc0/0xc0\n[ 42.216141][ T164] ? do_user_addr_fault+0x269/0x9f0\n[ 42.216292][ T164] ? rcu_is_watching+0x15/0xd0\n[ 42.216442][ T164] do_syscall_64+0xbb/0x360\n[ 42.216591][ T164] entry_SYSCALL_64_after_hwframe+0x4b/0x53\n[ 42.216784][ T164] RIP: 0033:0x7f0dc8ea9986\n\nA bit of digging showed that we were invoking the phylink_resume as a part\nof the fbnic_up path when we were enabling the service task while not\nholding the RTNL lock. We should be enabling this sooner as a part of the\nndo_open path and then just letting the service task come online later.\nThis will help to enforce the correct locking and brings the phylink\ninterface online at the same time as the network interface, instead of at a\nlater time.\n\nI tested this on QEMU to verify this was working by putting the system to\nsleep using \"echo mem > /sys/power/state\" to put the system to sleep in the\nguest and then using the command \"system_wakeup\" in the QEMU monitor."}], "id": "CVE-2025-39831", "lastModified": "2025-09-17T14:18:55.093", "metrics": {}, "published": "2025-09-16T14:15:51.320", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/3ac5f54e47eb348a4bc26e600c63b4d778a22e23"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/6ede14a2c6365e7e5d855643c7c8390b5268c467"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/7aab65c62a8a8b48c02e600fe9367b2af662fcb6"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: fbnic: Move phylink resume out of service_task and into open/close", "id": "2395779", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395779"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "details": ["No description is available for this CVE."], "name": "CVE-2025-39831", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-09-16T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-39831\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-39831\nhttps://lore.kernel.org/linux-cve-announce/2025091657-CVE-2025-39831-1112@gregkh/T"], "threat_severity": "Moderate"}