CVE-2025-40231

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-40231
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-40231.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-40231
Downstream
Related
Published
2025-12-04T15:31:22.199Z
Modified
2026-03-12T02:16:50.541239Z
Summary
vsock: fix lock inversion in vsock_assign_transport()
Details

In the Linux kernel, the following vulnerability has been resolved:

vsock: fix lock inversion in vsockassigntransport()

Syzbot reported a potential lock inversion deadlock between vsockregistermutex and sklock-AFVSOCK when vsock_linger() is called.

The issue was introduced by commit 687aa0c5581b ("vsock: Fix transport_* TOCTOU") which added vsockregistermutex locking in vsockassigntransport() around the transport->release() call, that can call vsocklinger(). vsockassigntransport() can be called with sklock held. vsocklinger() calls skwaitevent() that temporarily releases and re-acquires sklock. During this window, if another thread hold vsockregistermutex while trying to acquire sk_lock, a circular dependency is created.

Fix this by releasing vsockregistermutex before calling transport->release() and vsockdeassigntransport(). This is safe because we don't need to hold vsockregistermutex while releasing the old transport, and we ensure the new transport won't disappear by obtaining a module reference first via trymoduleget().

Database specific 
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/40xxx/CVE-2025-40231.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
8667e8d0eb46bc54fdae30ba2f4786407d3d88eb
Fixed
ce4f856c64f0bc30e29302a0ce41f4295ca391c5
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
36a439049b34cca0b3661276049b84a1f76cc21a
Fixed
09bba278ccde25a14b6e5088a9e65a8717d0cccf
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
9ce53e744f18e73059d3124070e960f3aa9902bf
Fixed
b44182c116778feaa05da52a426aeb9da1878dcf
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
9d24bb6780282b0255b9929abe5e8f98007e2c6e
Fixed
42ed0784d11adebf748711e503af0eb9f1e6d81d
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
ae2c712ba39c7007de63cb0c75b51ce1caaf1da5
Fixed
251caee792a21eb0b781aab91362b422c945e162
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
687aa0c5581b8d4aa87fd92973e4ee576b550cdf
Fixed
a2a4346eea8b4cb75037dbcb20b98cb454324f80
Fixed
f7c877e7535260cc7a21484c994e8ce7e8cb6780
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
7b73bddf54777fb62d4d8c7729d0affe6df04477

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-40231.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.10.246
Type
ECOSYSTEM
Events
Introduced
5.11.0
Fixed
5.15.196
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
6.1.158
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.115
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.56
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.17.6

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-40231.json"