Stay Connected:

CVE-2025-37907

CVE Details

Release Date:2025-05-20
Impact:Low What is this?

Description


In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Fix locking order in ivpu_job_submit Fix deadlock in job submission and abort handling. When a thread aborts currently executing jobs due to a fault, it first locks the global lock protecting submitted_jobs (#1). After the last job is destroyed, it proceeds to release the related context and locks file_priv (#2). Meanwhile, in the job submission thread, the file_priv lock (#2) is taken first, and then the submitted_jobs lock (#1) is obtained when a job is added to the submitted jobs list. CPU0 CPU1 ---- ---- (for example due to a fault) (jobs submissions keep coming) lock(&vdev->submitted_jobs_lock) #1 ivpu_jobs_abort_all() job_destroy() lock(&file_priv->lock) #2 lock(&vdev->submitted_jobs_lock) #1 file_priv_release() lock(&vdev->context_list_lock) lock(&file_priv->lock) #2 This order of locking causes a deadlock. To resolve this issue, change the order of locking in ivpu_job_submit().

See more information about CVE-2025-37907 from MITRE CVE dictionary and NIST NVD


NOTE: The following CVSS metrics and score provided are preliminary and subject to review.


CVSS v3 metrics

Base Score: 4.7
Vector String: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Version: 3.1
Attack Vector: Local
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality Impact: None
Integrity Impact: None
Availability Impact: High

Errata information


PlatformErrataRelease Date
Oracle Linux version 10 (kernel-uek) ELSA-2025-204802025-07-17
Oracle Linux version 9 (kernel-uek) ELSA-2025-204802025-07-17


This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections:

software.hardware.complete
Subscribe | Careers | Contact Us | Legal Notices | Terms of Use | Your Privacy Rights