PT-2025-22229 · Linux+6 · Linux Kernel+6

Published: 2025-04-07 · Updated: 2026-04-20 · CVE-2025-37968

CVSS v2.0: 6.0 (Medium)

Vector: AV:L/AC:H/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

A deadlock issue has been identified in the Linux kernel, specifically in the iio: light: opt3001 driver. The threaded IRQ function is prone to a deadlock due to concurrent flag access: the flag is read twice, once to decide whether to lock a mutex and once to decide whether to unlock it. In subtle cases the flag could be true at the mutex lock stage and false at the mutex unlock stage, so the mutex may never be unlocked.

Recommendations

To resolve this issue, the opt3001_irq() code should be made more robust by reading the flag into a variable and using the variable's value at both stages. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
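
The double read and the recommended single read, shown as an added user-space C model (not the driver's code, and not part of the original advisory). The `struct sensor`, the `take_lock` flag and `concurrent_flag_clear()` are hypothetical names, and the flag change is injected deterministically between the two stages instead of racing.

```c
#include <pthread.h>
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical model; names are assumptions, not taken from the driver. */
struct sensor {
    pthread_mutex_t lock;
    volatile bool take_lock;    /* flag another context may change */
};

/* Stands in for a concurrent writer clearing the flag mid-handler. */
static void concurrent_flag_clear(struct sensor *s) { s->take_lock = false; }

/* Pattern described as vulnerable: the flag is read at both stages. */
static void irq_double_read(struct sensor *s)
{
    if (s->take_lock)
        pthread_mutex_lock(&s->lock);
    concurrent_flag_clear(s);           /* flag changes between the reads */
    if (s->take_lock)                   /* second read sees false: no unlock */
        pthread_mutex_unlock(&s->lock);
}

/* Recommended pattern: read once, use the snapshot at both stages. */
static void irq_single_read(struct sensor *s)
{
    bool locked = s->take_lock;
    if (locked)
        pthread_mutex_lock(&s->lock);
    concurrent_flag_clear(s);           /* no longer affects the unlock */
    if (locked)
        pthread_mutex_unlock(&s->lock);
}

/* True if the handler returned with the mutex still held. */
static bool leaves_mutex_held(void (*handler)(struct sensor *))
{
    struct sensor s = { .take_lock = true };
    pthread_mutex_init(&s.lock, NULL);
    handler(&s);
    bool held = pthread_mutex_trylock(&s.lock) != 0;  /* busy => leaked lock */
    pthread_mutex_unlock(&s.lock);      /* drop the leaked or the probe lock */
    pthread_mutex_destroy(&s.lock);
    return held;
}

int main(void)
{
    printf("double read held: %d, single read held: %d\n",
           leaves_mutex_held(irq_double_read), leaves_mutex_held(irq_single_read));
    return 0;
}
```

In the double-read case the next caller that takes the mutex would block forever, which is the deadlock the description refers to.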

Exploit

Improper Locking

Weakness Enumeration

Related Identifiers

BDU:2026-02397
CVE-2025-37968
DLA-4327-1
DLA-4328-1
DSA-6009-1
ECHO-D29B-901E-9C62
OESA-2025-1821
OESA-2025-1822
OESA-2025-1823
OESA-2025-1824
OESA-2025-1870
SUSE-SU-2025:02249-1
SUSE-SU-2025:02254-1
SUSE-SU-2025:02307-1
SUSE-SU-2025:02333-1
SUSE-SU-2025:02335-1
SUSE-SU-2025:02538-1
SUSE-SU-2025:02923-1
SUSE-SU-2025:20413-1
SUSE-SU-2025:20421-1
SUSE-SU-2025_02249-1
SUSE-SU-2025_02254-1
SUSE-SU-2025_02307-1
SUSE-SU-2025_02333-1
SUSE-SU-2025_02335-1
SUSE-SU-2025_02538-1
USN-7699-1
USN-7699-2
USN-7721-1
USN-7909-1
USN-7909-2
USN-7909-3
USN-7909-4
USN-7909-5
USN-7910-1
USN-7910-2
USN-7933-1
USN-7938-1
USN-8028-1
USN-8028-2
USN-8028-3
USN-8028-4
USN-8028-5
USN-8028-6
USN-8028-7
USN-8028-8
USN-8031-1
USN-8031-2
USN-8031-3
USN-8052-1
USN-8052-2
USN-8074-1
USN-8074-2
USN-8126-1

Affected Products

Astra Linux
Debian
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu