{"id":"CVE-2025-38048","summary":"virtio_ring: Fix data race by tagging event_triggered as racy for KCSAN","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nvirtio_ring: Fix data race by tagging event_triggered as racy for KCSAN\n\nsyzbot reports a data-race when accessing the event_triggered, here is the\nsimplified stack when the issue occurred:\n\n==================================================================\nBUG: KCSAN: data-race in virtqueue_disable_cb / virtqueue_enable_cb_delayed\n\nwrite to 0xffff8881025bc452 of 1 bytes by task 3288 on cpu 0:\n virtqueue_enable_cb_delayed+0x42/0x3c0 drivers/virtio/virtio_ring.c:2653\n start_xmit+0x230/0x1310 drivers/net/virtio_net.c:3264\n __netdev_start_xmit include/linux/netdevice.h:5151 [inline]\n netdev_start_xmit include/linux/netdevice.h:5160 [inline]\n xmit_one net/core/dev.c:3800 [inline]\n\nread to 0xffff8881025bc452 of 1 bytes by interrupt on cpu 1:\n virtqueue_disable_cb_split drivers/virtio/virtio_ring.c:880 [inline]\n virtqueue_disable_cb+0x92/0x180 drivers/virtio/virtio_ring.c:2566\n skb_xmit_done+0x5f/0x140 drivers/net/virtio_net.c:777\n vring_interrupt+0x161/0x190 drivers/virtio/virtio_ring.c:2715\n __handle_irq_event_percpu+0x95/0x490 kernel/irq/handle.c:158\n handle_irq_event_percpu kernel/irq/handle.c:193 [inline]\n\nvalue changed: 0x01 -\u003e 0x00\n==================================================================\n\nWhen the data race occurs, the function virtqueue_enable_cb_delayed() sets\nevent_triggered to false, and virtqueue_disable_cb_split/packed() reads it\nas false due to the race condition. Since event_triggered is an unreliable\nhint used for optimization, this should only cause the driver temporarily\nsuggest that the device not send an interrupt notification when the event\nindex is used.\n\nFix this KCSAN reported data-race issue by explicitly tagging the access as\ndata_racy.","modified":"2026-03-20T12:42:38.774751Z","published":"2025-06-18T09:33:31.413Z","database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38048.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/02d2d6caee3abc9335cfca35f8eb4492173ae6f2"},{"type":"WEB","url":"https://git.kernel.org/stable/c/2e2f925fe737576df2373931c95e1a2b66efdfef"},{"type":"WEB","url":"https://git.kernel.org/stable/c/4ed8f0e808b3fcc71c5b8be7902d8738ed595b17"},{"type":"WEB","url":"https://git.kernel.org/stable/c/b49b5132e4c7307599492aee1cdc6d89f7f2a7da"},{"type":"WEB","url":"https://git.kernel.org/stable/c/b6d6419548286b2b9d2b90df824d3cab797f6ae8"},{"type":"WEB","url":"https://git.kernel.org/stable/c/b730cb109633c455ce8a7cd6934986c6a16d88d8"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38048.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-38048"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"8d622d21d24803408b256d96463eac4574dcf067"},{"fixed":"02d2d6caee3abc9335cfca35f8eb4492173ae6f2"},{"fixed":"b6d6419548286b2b9d2b90df824d3cab797f6ae8"},{"fixed":"b49b5132e4c7307599492aee1cdc6d89f7f2a7da"},{"fixed":"b730cb109633c455ce8a7cd6934986c6a16d88d8"},{"fixed":"4ed8f0e808b3fcc71c5b8be7902d8738ed595b17"},{"fixed":"2e2f925fe737576df2373931c95e1a2b66efdfef"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38048.json"}}],"schema_version":"1.7.5"}