Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

CVE-2025-37745

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
01/05/2025
Last modified:
05/11/2025

Description

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> PM: hibernate: Avoid deadlock in hibernate_compressor_param_set()<br /> <br /> syzbot reported a deadlock in lock_system_sleep() (see below).<br /> <br /> The write operation to "/sys/module/hibernate/parameters/compressor"<br /> conflicts with the registration of ieee80211 device, resulting in a deadlock<br /> when attempting to acquire system_transition_mutex under param_lock.<br /> <br /> To avoid this deadlock, change hibernate_compressor_param_set() to use<br /> mutex_trylock() for attempting to acquire system_transition_mutex and<br /> return -EBUSY when it fails.<br /> <br /> Task flags need not be saved or adjusted before calling<br /> mutex_trylock(&amp;system_transition_mutex) because the caller is not going<br /> to end up waiting for this mutex and if it runs concurrently with system<br /> suspend in progress, it will be frozen properly when it returns to user<br /> space.<br /> <br /> syzbot report:<br /> <br /> syz-executor895/5833 is trying to acquire lock:<br /> ffffffff8e0828c8 (system_transition_mutex){+.+.}-{4:4}, at: lock_system_sleep+0x87/0xa0 kernel/power/main.c:56<br /> <br /> but task is already holding lock:<br /> ffffffff8e07dc68 (param_lock){+.+.}-{4:4}, at: kernel_param_lock kernel/params.c:607 [inline]<br /> ffffffff8e07dc68 (param_lock){+.+.}-{4:4}, at: param_attr_store+0xe6/0x300 kernel/params.c:586<br /> <br /> which lock already depends on the new lock.<br /> <br /> the existing dependency chain (in reverse order) is:<br /> <br /> -&gt; #3 (param_lock){+.+.}-{4:4}:<br /> __mutex_lock_common kernel/locking/mutex.c:585 [inline]<br /> __mutex_lock+0x19b/0xb10 kernel/locking/mutex.c:730<br /> ieee80211_rate_control_ops_get net/mac80211/rate.c:220 [inline]<br /> rate_control_alloc net/mac80211/rate.c:266 [inline]<br /> ieee80211_init_rate_ctrl_alg+0x18d/0x6b0 net/mac80211/rate.c:1015<br /> ieee80211_register_hw+0x20cd/0x4060 net/mac80211/main.c:1531<br /> mac80211_hwsim_new_radio+0x304e/0x54e0 drivers/net/wireless/virtual/mac80211_hwsim.c:5558<br /> init_mac80211_hwsim+0x432/0x8c0 drivers/net/wireless/virtual/mac80211_hwsim.c:6910<br /> do_one_initcall+0x128/0x700 init/main.c:1257<br /> do_initcall_level init/main.c:1319 [inline]<br /> do_initcalls init/main.c:1335 [inline]<br /> do_basic_setup init/main.c:1354 [inline]<br /> kernel_init_freeable+0x5c7/0x900 init/main.c:1568<br /> kernel_init+0x1c/0x2b0 init/main.c:1457<br /> ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:148<br /> ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244<br /> <br /> -&gt; #2 (rtnl_mutex){+.+.}-{4:4}:<br /> __mutex_lock_common kernel/locking/mutex.c:585 [inline]<br /> __mutex_lock+0x19b/0xb10 kernel/locking/mutex.c:730<br /> wg_pm_notification drivers/net/wireguard/device.c:80 [inline]<br /> wg_pm_notification+0x49/0x180 drivers/net/wireguard/device.c:64<br /> notifier_call_chain+0xb7/0x410 kernel/notifier.c:85<br /> notifier_call_chain_robust kernel/notifier.c:120 [inline]<br /> blocking_notifier_call_chain_robust kernel/notifier.c:345 [inline]<br /> blocking_notifier_call_chain_robust+0xc9/0x170 kernel/notifier.c:333<br /> pm_notifier_call_chain_robust+0x27/0x60 kernel/power/main.c:102<br /> snapshot_open+0x189/0x2b0 kernel/power/user.c:77<br /> misc_open+0x35a/0x420 drivers/char/misc.c:179<br /> chrdev_open+0x237/0x6a0 fs/char_dev.c:414<br /> do_dentry_open+0x735/0x1c40 fs/open.c:956<br /> vfs_open+0x82/0x3f0 fs/open.c:1086<br /> do_open fs/namei.c:3830 [inline]<br /> path_openat+0x1e88/0x2d80 fs/namei.c:3989<br /> do_filp_open+0x20c/0x470 fs/namei.c:4016<br /> do_sys_openat2+0x17a/0x1e0 fs/open.c:1428<br /> do_sys_open fs/open.c:1443 [inline]<br /> __do_sys_openat fs/open.c:1459 [inline]<br /> __se_sys_openat fs/open.c:1454 [inline]<br /> __x64_sys_openat+0x175/0x210 fs/open.c:1454<br /> do_syscall_x64 arch/x86/entry/common.c:52 [inline]<br /> do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83<br /> entry_SYSCALL_64_after_hwframe+0x77/0x7f<br /> <br /> -&gt; #1 ((pm_chain_head).rwsem){++++}-{4:4}:<br /> down_read+0x9a/0x330 kernel/locking/rwsem.c:1524<br /> blocking_notifier_call_chain_robust kerne<br /> ---truncated---

Impact

Vector 3.x
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS v3.1 Severity and Metrics:

Base Score: 5.50 MEDIUM
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): None
Integrity (I): None
Availability (A): High

Base Score 3.x
5.50
Severity 3.x
MEDIUM

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.12.24 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.13 (including) 6.13.12 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.14 (including) 6.14.3 (excluding)

To consult the complete list of CPE names with products and versions, see this page


References to Advisories, Solutions, and Tools