CVE-2025-37884

Published: May 9, 2025Modified: Jan 2, 2026

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix deadlock between rcu_tasks_trace and event_mutex. Fix the following deadlock: CPU A _free_event() perf_kprobe_destroy() mutex_lock(&event_mutex) perf_trace_event_unreg() synchronize_rcu_tasks_trace() There are several paths where _free_event() grabs event_mutex and calls sync_rcu_tasks_trace. Above is one such case. CPU B bpf_prog_test_run_syscall() rcu_read_lock_trace() bpf_prog_run_pin_on_cpu() bpf_prog_load() bpf_tracing_func_proto() trace_set_clr_event() mutex_lock(&event_mutex) Delegate trace_set_clr_event() to workqueue to avoid such lock dependency.

Affected (5)

Products: Linux: Linux Kernel · Debian: Debian Linux

1 product

1 product

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	Before 6.1.136
Linux Linux Kernel	From 6.13 to 6.14.5
Linux Linux Kernel	From 6.2 to 6.6.89
Linux Linux Kernel	From 6.7 to 6.12.26

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 11.0

Related CWEs

Improper Locking

The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.

References (3)

https://git.kernel.org/stable/c/45286680b385f2592db3003554872388dee66d68

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/4580f4e0ebdf8dc8d506ae926b88510395a0c1d1

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

Timeline

No history available yet.