{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-37847", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-04-16T04:51:23.954Z", "datePublished": "2025-05-09T06:41:55.289Z", "dateUpdated": "2025-05-26T05:22:12.157Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-26T05:22:12.157Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\naccel/ivpu: Fix deadlock in ivpu_ms_cleanup()\n\nFix deadlock in ivpu_ms_cleanup() by preventing runtime resume after\nfile_priv->ms_lock is acquired.\n\nDuring a failure in runtime resume, a cold boot is executed, which\ncalls ivpu_ms_cleanup_all(). This function calls ivpu_ms_cleanup()\nthat acquires file_priv->ms_lock and causes the deadlock."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/accel/ivpu/ivpu_ms.c"], "versions": [{"version": "cdfad4db7756563db7d458216d9e3c2651dddc7d", "lessThan": "7d12a7d43c7bab9097ba466581d8db702e7908dc", "status": "affected", "versionType": "git"}, {"version": "cdfad4db7756563db7d458216d9e3c2651dddc7d", "lessThan": "f996ecc789b5dbaaf38b6ec0a1917821789cbd9c", "status": "affected", "versionType": "git"}, {"version": "cdfad4db7756563db7d458216d9e3c2651dddc7d", "lessThan": "019634f27a16796eab749e8107dae32099945f29", "status": "affected", "versionType": "git"}, {"version": "cdfad4db7756563db7d458216d9e3c2651dddc7d", "lessThan": "9a6f56762d23a1f3af15e67901493c927caaf882", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/accel/ivpu/ivpu_ms.c"], "versions": [{"version": "6.11", "status": "affected"}, {"version": "0", "lessThan": "6.11", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.24", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.13.12", "lessThanOrEqual": "6.13.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.14.3", "lessThanOrEqual": "6.14.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.15", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.11", "versionEndExcluding": "6.12.24"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.11", "versionEndExcluding": "6.13.12"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.11", "versionEndExcluding": "6.14.3"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.11", "versionEndExcluding": "6.15"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/7d12a7d43c7bab9097ba466581d8db702e7908dc"}, {"url": "https://git.kernel.org/stable/c/f996ecc789b5dbaaf38b6ec0a1917821789cbd9c"}, {"url": "https://git.kernel.org/stable/c/019634f27a16796eab749e8107dae32099945f29"}, {"url": "https://git.kernel.org/stable/c/9a6f56762d23a1f3af15e67901493c927caaf882"}], "title": "accel/ivpu: Fix deadlock in ivpu_ms_cleanup()", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "4984066B-B1BF-482D-B569-B93EC91B55F2", "versionEndExcluding": "6.12.24", "versionStartIncluding": "6.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "4A475784-BF3B-4514-81EE-49C8522FB24A", "versionEndExcluding": "6.13.12", "versionStartIncluding": "6.13", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "483E2E15-2135-4EC6-AB64-16282C5EF704", "versionEndExcluding": "6.14.3", "versionStartIncluding": "6.14", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.15:rc1:*:*:*:*:*:*", "matchCriteriaId": "8D465631-2980-487A-8E65-40AE2B9F8ED1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\naccel/ivpu: Fix deadlock in ivpu_ms_cleanup()\n\nFix deadlock in ivpu_ms_cleanup() by preventing runtime resume after\nfile_priv->ms_lock is acquired.\n\nDuring a failure in runtime resume, a cold boot is executed, which\ncalls ivpu_ms_cleanup_all(). This function calls ivpu_ms_cleanup()\nthat acquires file_priv->ms_lock and causes the deadlock."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: accel/ivpu: Se corrige el bloqueo en ivpu_ms_cleanup(). Se corrige el bloqueo en ivpu_ms_cleanup() impidiendo la reanudaci\u00f3n en tiempo de ejecuci\u00f3n tras adquirir file_priv->ms_lock. Durante un fallo en la reanudaci\u00f3n en tiempo de ejecuci\u00f3n, se ejecuta un arranque en fr\u00edo que llama a ivpu_ms_cleanup_all(). Esta funci\u00f3n llama a ivpu_ms_cleanup(), que adquiere file_priv->ms_lock y provoca el bloqueo."}], "id": "CVE-2025-37847", "lastModified": "2025-11-17T12:54:40.887", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-05-09T07:16:05.537", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/019634f27a16796eab749e8107dae32099945f29"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/7d12a7d43c7bab9097ba466581d8db702e7908dc"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/9a6f56762d23a1f3af15e67901493c927caaf882"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/f996ecc789b5dbaaf38b6ec0a1917821789cbd9c"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-667"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: accel/ivpu: Fix deadlock in ivpu_ms_cleanup()", "id": "2365282", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2365282"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.7", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-833", "details": ["In the Linux kernel, the following vulnerability has been resolved:\naccel/ivpu: Fix deadlock in ivpu_ms_cleanup()\nFix deadlock in ivpu_ms_cleanup() by preventing runtime resume after\nfile_priv->ms_lock is acquired.\nDuring a failure in runtime resume, a cold boot is executed, which\ncalls ivpu_ms_cleanup_all(). This function calls ivpu_ms_cleanup()\nthat acquires file_priv->ms_lock and causes the deadlock."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2025-37847", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-05-09T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-37847\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-37847\nhttps://lore.kernel.org/linux-cve-announce/2025050918-CVE-2025-37847-c856@gregkh/T"], "statement": "The bug is deadlock only. Considering this one as Moderate severity. The Red Hat Enterprise Linux (or Fedora) not affected, but vulnerable code not introduced yet.", "threat_severity": "Moderate"}