CVE-2025-40142

EPSS 0.02%
Veröffentlicht 12.11.2025 10:23:25
Zuletzt bearbeitet 12.11.2025 16:19:12
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

ALSA: pcm: Disable bottom softirqs as part of spin_lock_irq() on PREEMPT_RT

snd_pcm_group_lock_irq() acquires a spinlock_t and disables interrupts
via spin_lock_irq(). This also implicitly disables the handling of
softirqs such as TIMER_SOFTIRQ.
On PREEMPT_RT softirqs are preemptible and spin_lock_irq() does not
disable them. That means a timer can be invoked during spin_lock_irq()
on the same CPU. Due to synchronisations reasons local_bh_disable() has
a per-CPU lock named softirq_ctrl.lock which synchronizes individual
softirq against each other.
syz-bot managed to trigger a lockdep report where softirq_ctrl.lock is
acquired in hrtimer_cancel() in addition to hrtimer_run_softirq(). This
is a possible deadlock.

The softirq_ctrl.lock can not be made part of spin_lock_irq() as this
would lead to too much synchronisation against individual threads on the
system. To avoid the possible deadlock, softirqs must be manually
disabled before the lock is acquired.

Disable softirqs before the lock is acquired on PREEMPT_RT.

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 6

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < 63ee96c7f47df239ee0a6e8108b6bfd8c98334ae

Version d2d6422f8bd17c6bb205133e290625a564194496

Status affected

Version < 3969b6193cb7a45aa5fb4ec68f215e9e7f93d39a

Version d2d6422f8bd17c6bb205133e290625a564194496

Status affected

Version < 9fc4a3da9a0259a0500848b5d8657918efde176b

Version d2d6422f8bd17c6bb205133e290625a564194496

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 6.12

Status affected

Version < 6.12

Version 0

Status unaffected

Version <= 6.12.*

Version 6.12.53

Status unaffected

Version <= 6.17.*

Version 6.17.3

Status unaffected

Version <= *

Version 6.18

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.057

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

https://git.kernel.org/stable/c/63ee96c7f47df239ee0a6e8108b6bfd8c98334ae

https://git.kernel.org/stable/c/3969b6193cb7a45aa5fb4ec68f215e9e7f93d39a

https://git.kernel.org/stable/c/9fc4a3da9a0259a0500848b5d8657918efde176b

https://nvd.nist.gov/vuln/detail/CVE-2025-40142

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-40142

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-40142

EUVD