In the Linux kernel, the following vulnerability has been resolved: idpf: convert control queue mutex to a spinlock With VIRTCHNL2_CAP_MACFILTER enabled, the following warning is generated on module load: [ 324.701677] BUG: sleeping function called from invalid context at kernel/locking/mutex.c:578 [ 324.701684] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 1582, name: NetworkManager [ 324.701689] preempt_count: 201, expected: 0 [ 324.701693] RCU nest depth: 0, expected: 0 [ 324.701697] 2 locks held by NetworkManager/1582: [ 324.701702] #0: ffffffff9f7be770 (rtnl_mutex){....}-{3:3}, at: rtnl_newlink+0x791/0x21e0 [ 324.701730] #1: ff1100216c380368 (_xmit_ETHER){....}-{2:2}, at: __dev_open+0x3f0/0x870 [ 324.701749] Preemption disabled at: [ 324.701752] [<ffffffff9cd23b9d>] __dev_open+0x3dd/0x870 [ 324.701765] CPU: 30 UID: 0 PID: 1582 Comm: NetworkManager Not tainted 6.15.0-rc5+ #2 PREEMPT(voluntary) [ 324.701771] Hardware name: Intel Corporation M50FCP2SBSTD/M50FCP2SBSTD, BIOS SE5C741.86B.01.01.0001.2211140926 11/14/2022 [ 324.701774] Call Trace: [ 324.701777] <TASK> [ 324.701779] dump_stack_lvl+0x5d/0x80 [ 324.701788] ? __dev_open+0x3dd/0x870 [ 324.701793] __might_resched.cold+0x1ef/0x23d <..> [ 324.701818] __mutex_lock+0x113/0x1b80 <..> [ 324.701917] idpf_ctlq_clean_sq+0xad/0x4b0 [idpf] [ 324.701935] ? kasan_save_track+0x14/0x30 [ 324.701941] idpf_mb_clean+0x143/0x380 [idpf] <..> [ 324.701991] idpf_send_mb_msg+0x111/0x720 [idpf] [ 324.702009] idpf_vc_xn_exec+0x4cc/0x990 [idpf] [ 324.702021] ? rcu_is_watching+0x12/0xc0 [ 324.702035] idpf_add_del_mac_filters+0x3ed/0xb50 [idpf] <..> [ 324.702122] __hw_addr_sync_dev+0x1cf/0x300 [ 324.702126] ? find_held_lock+0x32/0x90 [ 324.702134] idpf_set_rx_mode+0x317/0x390 [idpf] [ 324.702152] __dev_open+0x3f8/0x870 [ 324.702159] ? __pfx___dev_open+0x10/0x10 [ 324.702174] __dev_change_flags+0x443/0x650 <..> [ 324.702208] netif_change_flags+0x80/0x160 [ 324.702218] do_setlink.isra.0+0x16a0/0x3960 <..> [ 324.702349] rtnl_newlink+0x12fd/0x21e0 The sequence is as follows: rtnl_newlink()-> __dev_change_flags()-> __dev_open()-> dev_set_rx_mode() - > # disables BH and grabs "dev->addr_list_lock" idpf_set_rx_mode() -> # proceed only if VIRTCHNL2_CAP_MACFILTER is ON __dev_uc_sync() -> idpf_add_mac_filter -> idpf_add_del_mac_filters -> idpf_send_mb_msg() -> idpf_mb_clean() -> idpf_ctlq_clean_sq() # mutex_lock(cq_lock) Fix by converting cq_lock to a spinlock. All operations under the new lock are safe except freeing the DMA memory, which may use vunmap(). Fix by requesting a contiguous physical memory for the DMA mapping.
Conclusion & alert: CVE-2025-38392 is rated Low Risk (23.8/100): CVSS Medium severity, with low exploitation likelihood (EPSS 0.15%). Mandatory action: Monitor for updates and reassess as exploit intelligence or EPSS changes.
Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.
EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).
| # | Date | Old EPSS score | New EPSS score | Delta (New - Old) |
|---|---|---|---|---|
| 1 | 2026-06-25 | 0.14% | 0.15% | +0.01% |
| 2 | 2026-06-15 | 0.02% | 0.14% | +0.13% |
| 3 | 2025-07-26 | — | 0.02% | — |
Full EPSS history (3 records total)
CVSS metrics for this CVE.
| Base score | Version | Severity | Vector | Exploitability | Impact | Score source |
|---|---|---|---|---|---|---|
| 5.5 | 3.1 | MEDIUM |
|
1.8 | 3.6 | [email protected] |
| vendor | priority | summary | link |
|---|---|---|---|
debian
|
unimportant | CVE-2025-38392 unimportant priority: Debian including 1 source packages (linux), 5 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 5. | https://security-tracker.debian.org/tracker/CVE-2025-38392 |
redhat
|
medium | — | https://access.redhat.com/security/cve/CVE-2025-38392 |
suse
|
medium | CVE-2025-38392 severity moderate: SUSE including 537 source package names (2.1.3-6.67:kernel-default-base-6.4.0-32.1.21.10, 2.1.3-7.44:kernel-default-6.4.0-32.1, …), 1043 product×package rows across 200 product lines (Container suse/sl-micro/6.0/base-os-container, Container suse/sl-micro/6.0/kvm-os-container, … (200 product lines)): Fixed 690, Known Affected 231, Known Not Affected 101, First Fixed 21. | https://www.suse.com/security/cve/CVE-2025-38392/ |
ubuntu
|
medium | CVE-2025-38392 medium priority: Ubuntu including 158 source packages (linux, linux-allwinner-5.19, …), 1414 status rows across 9 suites (bionic, focal, jammy, noble, plucky, questing, trusty, upstream, xenial): DNE 1017, ignored 155, released 138, not-affected 95, needed 6, needs-triage 2, pending 1. | https://ubuntu.com/security/CVE-2025-38392 |
| Vendor | Product | Version | Raw CPE |
|---|---|---|---|
| linux | linux_kernel | >= 6.7, < 6.12.37 | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| linux | linux_kernel | >= 6.13, < 6.15.6 | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| linux | linux_kernel | 6.16 | cpe:2.3:o:linux:linux_kernel:6.16:rc1:*:*:*:*:*:* |
| linux | linux_kernel | 6.16 | cpe:2.3:o:linux:linux_kernel:6.16:rc2:*:*:*:*:*:* |
| linux | linux_kernel | 6.16 | cpe:2.3:o:linux:linux_kernel:6.16:rc3:*:*:*:*:*:* |
| linux | linux_kernel | 6.16 | cpe:2.3:o:linux:linux_kernel:6.16:rc4:*:*:*:*:*:* |