CVE-2025-23163: In the Linux kernel, the following vulnerability has been resolved: net: vlan: don't propagate flags on open With the
Summary
A deadlock (a situation where the system gets stuck because two parts of code are waiting for each other) was discovered in the Linux kernel's VLAN (virtual LAN, a way to create multiple logical networks on one physical device) handling code. The problem occurred when virtual network devices tried to acquire the same lock twice during network interface initialization, causing the system to hang. The fix changes when certain network flags are propagated: they are now propagated when the flags change rather than when the device is opened.
Solution / Mitigation
Propagate the allmulti (receiving all multicast traffic) and promisc (promiscuous mode, receiving all traffic) flags when the flags change, not during the open operation. This prevents the recursive locking issue because the same lock no longer has to be re-acquired during device initialization.
Vulnerability Details
5.5 (medium)
EPSS: 0.0%
Original source: https://nvd.nist.gov/vuln/detail/CVE-2025-23163
First tracked: February 15, 2026 at 08:35 PM
Classified by LLM (prompt v3) · confidence: 99%