CVE-2025-37907

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A deadlock issue in the Linux kernel has been identified, specifically in the ivpu job submit function. This occurs due to an incorrect locking order when a thread aborts currently executing jobs due to a fault. The thread first locks the global lock protecting submitted jobs, then releases the related context and locks file priv. However, in the job submission thread, the file priv lock is taken first, followed by the submitted jobs lock. This locking order causes a deadlock. The issue is resolved by changing the order of locking in ivpu job submit.

Recommendations To resolve this issue, change the order of locking in the ivpu job submit function to avoid the deadlock. As a temporary workaround, consider disabling the job submission functionality until a patch is available. Restrict access to the ivpu job submit function to minimize the risk of exploitation.