Linux · Linux Kernel · CVE-2024-26687
**Name of the Vulnerable Software and Affected Versions**
Linux kernel versions prior to commit 3fcdaf3d7634 ("xen/events: modify internal [un]bind interfaces")
**Description**
The issue arises from incorrect lock ordering in the Linux kernel's xen/events module. Specifically, `shutdown_pirq` and `startup_pirq` do not take the `irq_mapping_update_lock`, because doing so would cause a lock inversion, and this leaves potential races. For instance, `shutdown_pirq` can be interrupted by a function allocating an event channel, causing the `evtchn_to_irq` mapping to become invalid. Similarly, `__startup_pirq` can race with `__unbind_from_irq`, potentially unsetting the mapping for an allocated event channel. This vulnerability can lead to a kernel BUG during the probing of NVMe devices; when multiple devices are present, the race condition is more likely to be hit during boot.
**Recommendations**
To resolve this issue, apply the fix that modifies the internal [un]bind interfaces in the xen/events module, ensuring that the mappings are cleaned up before the event channel is closed. This fix is included in the commit 3fcdaf3d7634. Update the Linux kernel to a version that includes this commit or later to mitigate the vulnerability.
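The ordering problem from the Description and the ordering the fix enforces, as an added single-threaded model (not kernel code and not taken from the fix commit). The flat `evtchn_to_irq` array, the helpers `alloc_port`, `close_port`, `clear_mapping` and `teardown_with_racer`, and the IRQ numbers are assumptions made for illustration; the racing allocation is placed by hand between the two teardown steps.

```c
#include <stdio.h>

#define NR_PORTS 4
#define NO_IRQ   (-1)
/* Simplified model: flat port -> irq table plus the port allocator state. */
static int evtchn_to_irq[NR_PORTS];
static int port_in_use[NR_PORTS];

static void reset(void)
{
    for (int p = 0; p < NR_PORTS; p++) {
        evtchn_to_irq[p] = NO_IRQ;
        port_in_use[p] = 0;
    }
}

/* Hypothetical helper: take the lowest free port and map it to irq. */
static int alloc_port(int irq)
{
    for (int p = 0; p < NR_PORTS; p++) {
        if (!port_in_use[p]) {
            port_in_use[p] = 1;
            evtchn_to_irq[p] = irq;
            return p;
        }
    }
    return -1;
}

static void close_port(int p)    { port_in_use[p] = 0; }
static void clear_mapping(int p) { evtchn_to_irq[p] = NO_IRQ; }

/* Racer allocates between A's two teardown steps; returns B's mapping. */
int teardown_with_racer(int cleanup_first)
{
    reset();
    int a = alloc_port(10);                 /* constructed IRQ numbers */
    if (cleanup_first) clear_mapping(a); else close_port(a);
    int b = alloc_port(11);                 /* racing allocation for device B */
    if (cleanup_first) close_port(a); else clear_mapping(a);
    return evtchn_to_irq[b];
}

int main(void)
{
    printf("close then cleanup: B maps to %d\n", teardown_with_racer(0));
    printf("cleanup then close: B maps to %d\n", teardown_with_racer(1));
    return 0;
}
```

With close-before-cleanup the freed port is reused by device B and A's late cleanup wipes B's mapping; with cleanup-before-close the port stays reserved until A's mapping is gone, so B receives a different port and keeps its mapping.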