Impact
A redundant locking call in the Linux kernel's DSA conduit ethtool wrapper causes a deadlock when the ethtool command is executed against the conduit device. The lock is held twice, which stalls all operations on the affected network device and can bring network functionality to a halt. The vulnerability does not compromise confidentiality or integrity; its impact is limited to availability of the network device, potentially causing a system‑wide network outage until the kernel is rebooted or the device is reset.
Affected Systems
The issue affects Linux kernels that enable the Data Switch Architecture (DSA) feature, especially configurations that use CONFIG_NET_DSA_LOOP or similar testing devices that auto-populate the ports of eth0. All distributions shipping the Linux kernel can be impacted if the DSA conduit implementation and the redundant lock calls are present. No specific version range is provided in the advisory.
Risk and Exploitability
The EPSS score is < 1% (approximately 0.00155), indicating a very low but non‑zero likelihood of exploitation. The vulnerability is not listed in CISA KEV, so its real‑world exploitation risk remains uncertain. The attack vector appears local, requiring an attacker to run ethtool against a device that is already running. An attacker who can trigger the ethtool command can cause a kernel‑level deadlock, disabling network services and potentially requiring a system reboot. The CVSS score of 5.5 indicates that the vulnerability is of moderate severity.
OpenCVE Enrichment