PT-2025-20536 · Linux+6 · Linux Kernel+6

Published

2025-02-26

·

Updated

2026-05-26

·

CVE-2025-37884

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description A deadlock issue has been identified in the Linux kernel, specifically between rcu tasks trace and event mutex. This occurs due to a lock dependency when free event() grabs event mutex and calls sync rcu tasks trace(), while bpf prog test run syscall() locks event mutex through trace set clr event(). To resolve this, trace set clr event() is delegated to a workqueue to avoid the lock dependency.
Recommendations For the Linux kernel, to mitigate this issue, consider disabling the bpf prog test run syscall() function until a patch is available. Restrict access to the event mutex to minimize the risk of exploitation. Avoid using the trace set clr event() function in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Improper Locking

Weakness Enumeration

CWE-833CWE-667

Related Identifiers

AZL-70162
BDU:2025-12338
CVE-2025-37884
DLA-4193-1
ECHO-8DB3-B0D9-04DB
MGASA-2025-0182
MGASA-2025-0183
OESA-2025-1539
OESA-2025-1540
SUSE-SU-2025:02249-1
SUSE-SU-2025:02254-1
SUSE-SU-2025:02307-1
SUSE-SU-2025:02333-1
SUSE-SU-2025:02335-1
SUSE-SU-2025:02538-1
SUSE-SU-2025:02923-1
SUSE-SU-2025:20475-1
SUSE-SU-2025:20483-1
SUSE-SU-2025:20493-1
SUSE-SU-2025:20498-1
SUSE-SU-2025_02249-1
SUSE-SU-2025_02254-1
SUSE-SU-2025_02307-1
SUSE-SU-2025_02333-1
SUSE-SU-2025_02335-1
SUSE-SU-2025_02538-1
USN-7594-1
USN-7594-2
USN-7594-3
USN-8028-1
USN-8028-2
USN-8028-3
USN-8028-4
USN-8028-5
USN-8028-6
USN-8028-7
USN-8028-8
USN-8031-1
USN-8031-2
USN-8031-3
USN-8052-1
USN-8052-2
USN-8074-1
USN-8074-2
USN-8126-1

Affected Products

Astra Linux
Debian
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu