CVE-2025-40329

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contains a flaw in the drm/sched subsystem related to a potential deadlock within the drm sched entity kill jobs cb function. The issue arises when handling dependencies through xa * functions without disabling interrupts, and when dma fence signal and dma fence add callback share the same spinlock. The root cause is a deadlock scenario where CPU0 holds a lock while CPU1 attempts to acquire it within an interrupt context. The fix involves moving the code iterating on dependencies to drm sched entity kill jobs work. The vulnerability can occur when accessing job dependencies through the xa * functions that do not disable interrupts, such as drm sched job add dependency() and drm sched entity kill jobs cb(). The functions dma fence signal() and dma fence add callback() are involved in the deadlock.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.