CVE-2025-37968
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
20/05/2025
Last modified:
12/05/2026
Description
In the Linux kernel, the following vulnerability has been resolved:

iio: light: opt3001: fix deadlock due to concurrent flag access

The threaded IRQ function in this driver is reading the flag twice: once to
lock a mutex and once to unlock it. Even though the code setting the flag
is designed to prevent it, there are subtle cases where the flag could be
true at the mutex_lock stage and false at the mutex_unlock stage. This
results in the mutex not being unlocked, resulting in a deadlock.

Fix it by making the opt3001_irq() code generally more robust, reading the
flag into a variable and using the variable value at both stages.
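
The double read described above, reduced to a single-threaded C model next to the single-read form of the fix. This is an added example, not the opt3001 driver's code: the struct, the `skip_lock` flag and its polarity, and the counter standing in for the mutex are assumptions, and the concurrent writer is simulated by flipping the flag inside the handler body.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed model: names and flag polarity are assumptions. */
struct model {
    bool skip_lock; /* shared flag, written by another context */
    int depth;      /* lock balance: +1 per lock, -1 per unlock */
    bool flip;      /* simulate a concurrent write during the handler */
};

static void lock(struct model *m)   { m->depth++; }
static void unlock(struct model *m) { m->depth--; }

/* Stands in for the writer racing with the handler body. */
static void handler_body(struct model *m)
{
    if (m->flip)
        m->skip_lock = !m->skip_lock;
}

/* Flawed pattern: the shared flag is read at both stages. */
static int irq_double_read(struct model *m)
{
    if (!m->skip_lock) lock(m);
    handler_body(m);
    if (!m->skip_lock) unlock(m);
    return m->depth;
}

/* Fixed pattern: one read into a local, used at both stages. */
static int irq_snapshot(struct model *m)
{
    bool skip = m->skip_lock;
    if (!skip) lock(m);
    handler_body(m);
    if (!skip) unlock(m);
    return m->depth;
}

/* Lock balance after one handler run; 0 means lock and unlock paired up. */
int run(bool snapshot, bool initial_flag, bool flip)
{
    struct model m = { .skip_lock = initial_flag, .depth = 0, .flip = flip };
    return snapshot ? irq_snapshot(&m) : irq_double_read(&m);
}

int main(void)
{
    printf("double read: %d %d\n", run(false, false, true), run(false, true, true));
    printf("snapshot:    %d %d\n", run(true, false, true), run(true, true, true));
    return 0;
}
```

A nonzero balance is the failure: +1 means the lock was taken and never released, so the next locker blocks forever; -1 means an unlock was issued for a lock the handler never took.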
Impact
Base Score 3.x
5.50
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.3 (including) | 5.4.299 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.5 (including) | 5.10.243 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.11 (including) | 5.15.192 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.16 (including) | 6.1.151 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.2 (including) | 6.6.105 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.7 (including) | 6.12.30 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.13 (including) | 6.14.7 (excluding) |
| cpe:2.3:o:linux:linux_kernel:6.15:rc1:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:6.15:rc2:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:6.15:rc3:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:6.15:rc4:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:6.15:rc5:*:*:*:*:*:* | | |
| cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* | | |
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/1d7def97e7eb65865ccc01bbdf4eb9e6bbe8a5b5
- https://git.kernel.org/stable/c/2c95c8f0959d0a72575eabf2ff888f47ed6d8b77
- https://git.kernel.org/stable/c/748ebd8e61d0bc182c331b8df3887af7285c8a8f
- https://git.kernel.org/stable/c/7ca84f6a22d50bf8b31efe9eb05f9859947266d7
- https://git.kernel.org/stable/c/957e8be112636d9bc692917286e81e54bd87decc
- https://git.kernel.org/stable/c/a9c56ccb7cddfca754291fb24b108a5350a5fbe9
- https://git.kernel.org/stable/c/e791bf216c9e236b34dabf514ec0ede140cca719
- https://git.kernel.org/stable/c/f063a28002e3350088b4577c5640882bf4ea17ea
- https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
- https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
- https://cert-portal.siemens.com/productcert/html/ssa-032379.html



