CVE-2026-45907
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
27/05/2026
Last modified:
24/06/2026
Description
In the Linux kernel, the following vulnerability has been resolved:

net/mlx5e: Fix deadlocks between devlink and netdev instance locks

In the mentioned "Fixes" commit, various work tasks triggering devlink
health reporter recovery were switched to use netdev_trylock to protect
against concurrent tear down of the channels being recovered. But this
had the side effect of introducing potential deadlocks because of
incorrect lock ordering.

The correct lock order is described by the init flow:
probe_one -> mlx5_init_one (acquires devlink lock)
-> mlx5_init_one_devl_locked -> mlx5_register_device
-> mlx5_rescan_drivers_locked -...-> mlx5e_probe -> _mlx5e_probe
-> register_netdev (acquires rtnl lock)
-> register_netdevice (acquires netdev lock)
=> devlink lock -> rtnl lock -> netdev lock.

But in the current recovery flow, the order is wrong:
mlx5e_tx_err_cqe_work (acquires netdev lock)
-> mlx5e_reporter_tx_err_cqe -> mlx5e_health_report
-> devlink_health_report (acquires devlink lock => boom!)
-> devlink_health_reporter_recover
-> mlx5e_tx_reporter_recover -> mlx5e_tx_reporter_recover_from_ctx
-> mlx5e_tx_reporter_err_cqe_recover

The same pattern exists in:
mlx5e_reporter_rx_timeout
mlx5e_reporter_tx_ptpsq_unhealthy
mlx5e_reporter_tx_timeout

Fix these by moving the netdev_trylock calls from the work handlers
lower in the call stack, in the respective recovery functions, where
they are actually necessary.
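
The lock-order inversion described above can be checked mechanically, in the way a lock-dependency validator does. The following C program is an added example, not code from the kernel patch or from this advisory: it learns the order from the init flow and checks each recovery flow against it. It treats try-locks as plain acquisitions and assumes, from the description, that the fixed recovery path takes the devlink lock before the netdev lock; all names in it are hypothetical.

```c
#include <stdio.h>
#include <string.h>

enum lock_id { DEVLINK, RTNL, NETDEV, NLOCKS };
static const char *lock_name[NLOCKS] = { "devlink", "rtnl", "netdev" };
static int order[NLOCKS][NLOCKS];   /* order[a][b]: b was taken while a was held */

/* Flows modelled from the description (constructed; try-locks treated as plain acquires) */
static const enum lock_id init_flow[]       = { DEVLINK, RTNL, NETDEV };
static const enum lock_id recovery_before[] = { NETDEV, DEVLINK };
static const enum lock_id recovery_after[]  = { DEVLINK, NETDEV };   /* assumed post-fix order */

/* Depth-first search over recorded dependencies; the graph is kept acyclic */
static int reachable(int from, int to)
{
    if (from == to) return 1;
    for (int n = 0; n < NLOCKS; n++)
        if (order[from][n] && reachable(n, to)) return 1;
    return 0;
}

/* Record one flow's nested acquisitions; return how many contradict earlier flows */
static int record_flow(const char *name, const enum lock_id *seq, int len)
{
    int inversions = 0;
    for (int i = 1; i < len; i++)
        for (int j = 0; j < i; j++) {
            if (reachable(seq[i], seq[j])) {   /* reverse order already established */
                printf("%s: %s -> %s inverts established order\n",
                       name, lock_name[seq[j]], lock_name[seq[i]]);
                inversions++;
            } else {
                order[seq[j]][seq[i]] = 1;     /* new, consistent dependency */
            }
        }
    return inversions;
}

/* Learn the order from the init flow, then check one recovery flow against it */
static int check_recovery(const char *name, const enum lock_id *seq, int len)
{
    memset(order, 0, sizeof(order));
    record_flow("init", init_flow, 3);
    return record_flow(name, seq, len);
}

int inversions_before_fix(void) { return check_recovery("recovery (before fix)", recovery_before, 2); }
int inversions_after_fix(void)  { return check_recovery("recovery (after fix)", recovery_after, 2); }

int main(void)
{
    printf("before fix: %d inversion(s)\n", inversions_before_fix());
    printf("after fix: %d inversion(s)\n", inversions_after_fix());
    return 0;
}
```
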
Impact
Base Score 3.x
5.50
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.16 (including) | 6.18.14 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.19 (including) | 6.19.4 (excluding) |