4.7

CVE-2025-23151

bus: mhi: host: Fix race between unprepare and queue_buf

In the Linux kernel, the following vulnerability has been resolved:

bus: mhi: host: Fix race between unprepare and queue_buf

A client driver may use mhi_unprepare_from_transfer() to quiesce
incoming data during the client driver's tear down. The client driver
might also be processing data at the same time, resulting in a call to
mhi_queue_buf() which will invoke mhi_gen_tre(). If mhi_gen_tre() runs
after mhi_unprepare_from_transfer() has torn down the channel, a panic
will occur due to an invalid dereference leading to a page fault.

This occurs because mhi_gen_tre() does not verify the channel state
after locking it. Fix this by having mhi_gen_tre() confirm the channel
state is valid, or return error to avoid accessing deinitialized data.

[mani: added stable tag]
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 5.15.149 < 5.15.181
LinuxLinux Kernel Version >= 6.1.76 < 6.1.135
LinuxLinux Kernel Version >= 6.6.15 < 6.6.88
LinuxLinux Kernel Version >= 6.7.3 < 6.12.24
LinuxLinux Kernel Version >= 6.13 < 6.13.12
LinuxLinux Kernel Version >= 6.14 < 6.14.3
DebianDebian Linux Version11.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.12% 0.021
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.7 1 3.6
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

https://git.kernel.org/stable/c/3e7ecf181cbdde9753204ada3883ca1704d8702b
Patch
https://git.kernel.org/stable/c/5f084993c90d9d0b4a52a349ede5120f992a7ca1
Patch
https://git.kernel.org/stable/c/a77955f7704b2a00385e232cbcc1cb06b5c7a425
Patch
https://git.kernel.org/stable/c/178e5657c8fd285125cc6743a81b513bce099760
Patch
https://git.kernel.org/stable/c/ee1fce83ed56450087309b9b74ad9bcb2b010fa6
Patch
https://git.kernel.org/stable/c/0686a818d77a431fc3ba2fab4b46bbb04e8c9380
Patch
https://git.kernel.org/stable/c/899d0353ea69681f474b6bc9de32c663b89672da
Patch
https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html
Mailing List