Detections
Analytics

CVE-2025-37884

medium

Description

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix deadlock between rcu_tasks_trace and event_mutex. Fix the following deadlock: CPU A _free_event() perf_kprobe_destroy() mutex_lock(&event_mutex) perf_trace_event_unreg() synchronize_rcu_tasks_trace() There are several paths where _free_event() grabs event_mutex and calls sync_rcu_tasks_trace. Above is one such case. CPU B bpf_prog_test_run_syscall() rcu_read_lock_trace() bpf_prog_run_pin_on_cpu() bpf_prog_load() bpf_tracing_func_proto() trace_set_clr_event() mutex_lock(&event_mutex) Delegate trace_set_clr_event() to workqueue to avoid such lock dependency.

References

https://git.kernel.org/stable/c/c5c833f6375f8ecf9254dd27946c927c7d645421

https://git.kernel.org/stable/c/b5a528a34e1f613565115a7a6016862ccbfcb9ac

https://git.kernel.org/stable/c/4580f4e0ebdf8dc8d506ae926b88510395a0c1d1

https://git.kernel.org/stable/c/45286680b385f2592db3003554872388dee66d68

https://git.kernel.org/stable/c/255cbc9db7067a83713fd2f4b31034ddd266549a

Details

Source: Mitre, NVD

Published: 2025-05-09

Updated: 2025-05-09

Risk Information

CVSS v2

Base Score: 4.9

Vector: CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C

Severity: Medium

CVSS v3

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Severity: Medium

EPSS

EPSS: 0.00018