CVE-2025-22111: 
Linux Kernel vulnerability analysis and mitigation

CVE-2025-22111 is a vulnerability discovered in the Linux kernel related to the RTNL (Route Netlink) handling for SIOCBRADDIF and SIOCBRDELIF operations. The vulnerability was disclosed on April 16, 2025, affecting the Linux kernel's networking subsystem. The issue stems from an unnecessary RTNL dance that occurs when these operations are processed (NVD CVE).

The vulnerability occurs in the Linux kernel's networking subsystem where SIOCBRDELIF is passed to dev_ioctl() first and later forwarded to br_ioctl_call(). This creates a race condition between Thread A (attempting to detach a device from a bridge) and Thread B (trying to remove the bridge). The issue manifests when Thread A increases the bridge device's reference count and releases RTNL, while Thread B attempts to remove the bridge device in the race window. Red Hat has assigned this vulnerability a CVSS v3.1 base score of 5.5 (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) (Red Hat CVE).

The vulnerability can result in a system deadlock under RTNL pressure. When exploited, it causes Thread B to wait indefinitely for netdev_put() by Thread A, while Thread A must hold RTNL after the unlock in dev_ifsioc(). This can lead to system resource exhaustion and potential denial of service conditions (NVD CVE).

The fix involves removing the RTNL dance for SIOCBRADDIF and SIOCBRDELIF operations. The solution moves several operations including copying struct ifreq, checking CAP_NET_ADMIN, and fetching the master dev to br_ioctl_stub(). Some Linux distributions have already implemented fixes, with Red Hat Enterprise Linux 8 marked as not affected, while fixes are deferred for Red Hat Enterprise Linux 9 (Red Hat CVE).