CVE-2025-21911

In the Linux kernel, the following vulnerability has been resolved: drm/imagination: avoid deadlock on fence release Do scheduler queue fence release processing on a workqueue, rather than in the release function itself. Fixes deadlock issues such as the following: [ 607.400437] ============================================ [ 607.405755] WARNING: possible recursive locking detected [ 607.415500] -------------------------------------------- [ 607.420817] weston:zfq0/24149 is trying to acquire lock: [ 607.426131] ffff000017d041a0 (reservation_ww_class_mutex){+.+.}-{3:3}, at: pvr_gem_object_vunmap+0x40/0xc0 [powervr] [ 607.436728] but task is already holding lock: [ 607.442554] ffff000017d105a0 (reservation_ww_class_mutex){+.+.}-{3:3}, at: dma_buf_ioctl+0x250/0x554 [ 607.451727] other info that might help us debug this: [ 607.458245] Possible unsafe locking scenario: [ 607.464155] CPU0 [ 607.466601] ---- [ 607.469044] lock(reservation_ww_class_mutex); [ 607.473584] lock(reservation_ww_class_mutex); [ 607.478114] *** DEADLOCK ***

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/9bd8b8d34cf4efba18766d64f817c819ed1bbde7	Patch
https://git.kernel.org/stable/c/d993ae7360923efd6ade43a32043459a121c28c1	Patch
https://git.kernel.org/stable/c/df1a1ed5e1bdd9cc13148e0e5549f5ebcf76cf13	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.14:rc1::::::
	cpe:2.3:o:linux:linux_kernel:6.14:rc2::::::
	cpe:2.3:o:linux:linux_kernel:6.14:rc3::::::
	cpe:2.3:o:linux:linux_kernel:6.14:rc4::::::
	cpe:2.3:o:linux:linux_kernel:6.14:rc5::::::

History

No history.

Information

Published : 2025-04-01 16:15

Updated : 2025-10-01 20:18

NVD link : CVE-2025-21911

Mitre link : CVE-2025-21911

CVE.ORG link : CVE-2025-21911

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-667

Improper Locking

{"id": "CVE-2025-21911", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2025-04-01T16:15:21.677", "references": [{"url": "https://git.kernel.org/stable/c/9bd8b8d34cf4efba18766d64f817c819ed1bbde7", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/d993ae7360923efd6ade43a32043459a121c28c1", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/df1a1ed5e1bdd9cc13148e0e5549f5ebcf76cf13", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-667"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-667"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/imagination: avoid deadlock on fence release\n\nDo scheduler queue fence release processing on a workqueue, rather\nthan in the release function itself.\n\nFixes deadlock issues such as the following:\n\n[ 607.400437] ============================================\n[ 607.405755] WARNING: possible recursive locking detected\n[ 607.415500] --------------------------------------------\n[ 607.420817] weston:zfq0/24149 is trying to acquire lock:\n[ 607.426131] ffff000017d041a0 (reservation_ww_class_mutex){+.+.}-{3:3}, at: pvr_gem_object_vunmap+0x40/0xc0 [powervr]\n[ 607.436728]\n but task is already holding lock:\n[ 607.442554] ffff000017d105a0 (reservation_ww_class_mutex){+.+.}-{3:3}, at: dma_buf_ioctl+0x250/0x554\n[ 607.451727]\n other info that might help us debug this:\n[ 607.458245] Possible unsafe locking scenario:\n\n[ 607.464155] CPU0\n[ 607.466601] ----\n[ 607.469044] lock(reservation_ww_class_mutex);\n[ 607.473584] lock(reservation_ww_class_mutex);\n[ 607.478114]\n *** DEADLOCK ***"}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/imagination: evitar el bloqueo en la liberaci\u00f3n de cercas El programador pone en cola el procesamiento de liberaci\u00f3n de cercas en una cola de trabajo, en lugar de en la funci\u00f3n de liberaci\u00f3n en s\u00ed. Corrige problemas de bloqueo como los siguientes: [ 607.400437] =============================================== [ 607.405755] ADVERTENCIA: posible bloqueo recursivo detectado [ 607.415500] -------------------------------------------- [ 607.420817] weston:zfq0/24149 est\u00e1 intentando adquirir el bloqueo: [ 607.426131] ffff000017d041a0 (reservation_ww_class_mutex){+.+.}-{3:3}, en: pvr_gem_object_vunmap+0x40/0xc0 [powervr] [ 607.436728] pero la tarea ya mantiene el bloqueo: [ 607.442554] ffff000017d105a0 (reservation_ww_class_mutex){+.+.}-{3:3}, en: dma_buf_ioctl+0x250/0x554 [ 607.451727] otra informaci\u00f3n que podr\u00eda ayudarnos a depurar esto: [ 607.458245] Posible escenario de bloqueo inseguro: [ 607.464155] CPU0 [ 607.466601] ---- [ 607.469044] lock(reservation_ww_class_mutex); [ 607.473584] lock(reservation_ww_class_mutex); [ 607.478114] *** BLOQUEO INTERMEDIO ***"}], "lastModified": "2025-10-01T20:18:32.940", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D4A54F97-E095-42DC-931A-DA4EAF83CCF6", "versionEndExcluding": "6.12.19", "versionStartIncluding": "6.8"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "842F5A44-3E71-4546-B4FD-43B0ACE3F32B", "versionEndExcluding": "6.13.7", "versionStartIncluding": "6.13"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.14:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "186716B6-2B66-4BD0-852E-D48E71C0C85F"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.14:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0D3E781C-403A-498F-9DA9-ECEE50F41E75"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.14:rc3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "66619FB8-0AAF-4166-B2CF-67B24143261D"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.14:rc4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D3D6550E-6679-4560-902D-AF52DCFE905B"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.14:rc5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "45B90F6B-BEC7-4D4E-883A-9DBADE021750"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}