PT-2025-15402 · Linux+6 · Linux Kernel+6
Published
2025-04-08
·
Updated
2026-04-20
·
CVE-2025-22014
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions:
Linux kernel (affected versions not specified)
Description:
A potential deadlock issue has been resolved in the Linux kernel. The problem occurs when a client process calls
pdr add lookup() to add a lookup for a service and schedules locator work. Later, another process receives a new server packet indicating the locator is up and calls pdr locator new server(), which sets pdr->locator init complete to true. This causes the first process to take a list lock and query the domain list, resulting in a timeout due to a deadlock. The response is queued to the same workqueue, and the second process cannot complete the new server request work due to the deadlock on the list lock.The issue is fixed by removing unnecessary list iteration, as it is already being done inside the locator work. The fix involves calling
schedule work() instead of iterating over the list.The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents where this issue was exploited.
Technical details about exploitation include:
- The
pdr add lookup()function is called by a client process to add a lookup for a service. - The
pdr locator new server()function is called when a new server packet is received, settingpdr->locator init completeto true. - The
pdr locator work()function is scheduled to perform locator work. - The
mutex lock(&pdr->list lock)function is used to take a list lock, which can cause a deadlock.
Recommendations:
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Improper Locking
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Alt Linux
Astra Linux
Debian
Linuxmint
Linux Kernel
Suse
Ubuntu