5.5

CVE-2025-37884

EPSS 0.01%
Veröffentlicht 09.05.2025 06:45:47
Zuletzt bearbeitet 12.11.2025 19:30:02
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

bpf: Fix deadlock between rcu_tasks_trace and event_mutex.

Fix the following deadlock:
CPU A
_free_event()
  perf_kprobe_destroy()
    mutex_lock(&event_mutex)
      perf_trace_event_unreg()
        synchronize_rcu_tasks_trace()

There are several paths where _free_event() grabs event_mutex
and calls sync_rcu_tasks_trace. Above is one such case.

CPU B
bpf_prog_test_run_syscall()
  rcu_read_lock_trace()
    bpf_prog_run_pin_on_cpu()
      bpf_prog_load()
        bpf_tracing_func_proto()
          trace_set_clr_event()
            mutex_lock(&event_mutex)

Delegate trace_set_clr_event() to workqueue to avoid
such lock dependency.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 9

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version < 6.1.136

Linux ≫ Linux Kernel Version >= 6.2 < 6.6.89

Linux ≫ Linux Kernel Version >= 6.7 < 6.12.26

Linux ≫ Linux Kernel Version >= 6.13 < 6.14.5

Debian ≫ Debian Linux Version11.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.01%	0.016

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-667 Improper Locking

The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.

https://git.kernel.org/stable/c/255cbc9db7067a83713fd2f4b31034ddd266549a

Patch

https://git.kernel.org/stable/c/b5a528a34e1f613565115a7a6016862ccbfcb9ac

Patch

https://git.kernel.org/stable/c/c5c833f6375f8ecf9254dd27946c927c7d645421

Patch

https://git.kernel.org/stable/c/45286680b385f2592db3003554872388dee66d68

Patch

https://git.kernel.org/stable/c/4580f4e0ebdf8dc8d506ae926b88510395a0c1d1

Patch

https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html

Third Party Advisory

Mailing List

https://nvd.nist.gov/vuln/detail/CVE-2025-37884

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-37884

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-37884

EUVD