
Cloud Vulnerability DB
A community-led vulnerabilities database
A race condition vulnerability was discovered in the Linux kernel's AF_XDP generic RX path, identified as CVE-2025-37920. The vulnerability was disclosed on May 20, 2025, affecting the synchronization mechanism in shared umem mode where multiple sockets share a single xsk_buff_pool (NVD, RedHat).
The vulnerability stems from a synchronization issue where the rx_lock needed to be moved from xsk_socket to xsk_buff_pool. The issue occurs specifically in the generic RX path where multiple sockets share a single xsk_buff_pool. While the RX queue is exclusive to xsk_socket, the FILL queue can be shared between multiple sockets, leading to a race condition when two CPU cores access the RX path of different sockets sharing the same umem. The vulnerability has been assigned a CVSS v3.1 base score of 7.0 (AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H) (RedHat).
The vulnerability could result in race conditions when multiple CPU cores simultaneously access the RX path of different sockets that share the same umem. This could potentially lead to data corruption or system instability (NVD).
The fix protects both queues by acquiring a spinlock in the shared xsk_buff_pool. The solution moves spin_lock_bh(rx_lock) after xsk_rcv_check() and implements proper synchronization through xsk_bind() and xsk_is_bound() memory barriers. Lock contention may be minimized in the future by implementing per-thread FQ buffering (NVD).
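The interleaving described above can be replayed deterministically in a small user-space model. This is an added example, not kernel code and not part of the original advisory: the struct layouts, the three-step split of the RX path, the function names and the idea that the race shows up as two sockets taking the same FILL entry are all assumptions made for illustration.

```c
#include <stdio.h>

/* Simplified model, not kernel code: each CPU runs one socket's generic RX
 * path in three steps so the interleaving can be replayed deterministically. */
enum lock_scope { LOCK_PER_SOCKET, LOCK_IN_POOL };

struct pool { unsigned fq[4]; unsigned cons; int owner; };   /* shared umem */
struct sock { struct pool *pool; int owner; int step; unsigned c, addr; };

static int try_lock(int *owner, int cpu) {
    if (*owner != -1) return 0;                 /* held by another CPU */
    *owner = cpu;
    return 1;
}

/* Advance one socket by a single step; returns 1 once a buffer was taken. */
static int rx_step(struct sock *xs, int cpu, enum lock_scope scope) {
    int *lock = scope == LOCK_IN_POOL ? &xs->pool->owner : &xs->owner;
    switch (xs->step) {
    case 0: if (try_lock(lock, cpu)) xs->step = 1; return 0; /* else spin */
    case 1: xs->c = xs->pool->cons; xs->step = 2; return 0;  /* read FILL consumer */
    default:
        xs->addr = xs->pool->fq[xs->c];         /* take the buffer address */
        xs->pool->cons = xs->c + 1;             /* publish new consumer index */
        *lock = -1;                             /* unlock */
        xs->step = 3;
        return 1;
    }
}

/* Two CPUs alternate steps on two sockets bound to one pool.
 * Returns 1 if both sockets received the same umem buffer. */
int shared_fill_collides(enum lock_scope scope) {
    struct pool p = { {0x0000, 0x1000, 0x2000, 0x3000}, 0, -1 }; /* constructed FILL entries */
    struct sock xs[2] = { { &p, -1, 0, 0, 0 }, { &p, -1, 0, 0, 0 } };
    int done = 0;
    for (int cpu = 0; done < 2; cpu ^= 1)
        if (xs[cpu].step < 3)
            done += rx_step(&xs[cpu], cpu, scope);
    return xs[0].addr == xs[1].addr;
}

int main(void) {
    printf("rx_lock in socket: collision=%d\n", shared_fill_collides(LOCK_PER_SOCKET));
    printf("rx_lock in pool:   collision=%d\n", shared_fill_collides(LOCK_IN_POOL));
    return 0;
}
```

With the lock held per socket, neither CPU ever contends with the other, so both read the same consumer index; with the lock in the shared pool, the second CPU spins until the first has published its update.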
Source: This report was generated using AI