SB2025070487 - Improper locking in Linux kernel ethernet cadence driver
Published: July 4, 2025
Security Bulletin ID
SB2025070487
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Improper locking (CVE-ID: CVE-2025-38094)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the macb_update_stats() function in drivers/net/ethernet/cadence/macb_main.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/0772a608d799ac0d127c0a36047a2725777aba9d
- https://git.kernel.org/stable/c/1d60c0781c1bbeaa1196b0d8aad5c435f06cb7c4
- https://git.kernel.org/stable/c/3e64d35475aa21d13dab71da51de51923c1a3a48
- https://git.kernel.org/stable/c/64675a9c00443b2e8af42af08c38fc1b78b68ba2
- https://git.kernel.org/stable/c/84f98955a9de0e0f591df85aa1a44f3ebcf1cb37
- https://git.kernel.org/stable/c/aace6b63892ce8307e502a60fe2f5a4bc6e1cfe7
- https://git.kernel.org/stable/c/c92d6089d8ad7d4d815ebcedee3f3907b539ff1f