PT-2025-8998 · Linux+2 · Linux Kernel+2

Published: 2025-01-10 · Updated: 2026-03-13

CVE-2025-21807

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)

Description: A potential deadlock exists in the Linux kernel because of the order in which sysfs store methods freeze the queue and take the limits lock. It arises when a user modifies a limit, which freezes the device queue, while the device driver starts a revalidation of the device queue limits. Some drivers, such as SCSI sd, may need to issue commands to the device to obtain limit values from the hardware while the queue limits are locked. The result is an ABBA deadlock.

Recommendations: To resolve this issue, the queue freeze should not be performed before calling the ->store_limit() method in struct queue_sysfs_entry. Instead, use the queue_limits_commit_update_frozen() helper to freeze the queue after taking the limits lock. Additionally, avoid taking the sysfs lock for the store_limit method, as it does not provide any protection and creates more nesting.
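
The lock-order inversion described above can be checked mechanically. The following is an added user-space illustration, not kernel code and not part of the original advisory: it records the order in which each code path acquires the two resources and counts ABBA inversions, once for the store path that freezes first and once for the recommended order. The names Q_FREEZE, Q_LIMITS, record_path and check are assumptions made for this example.

```c
#include <stdio.h>
#include <string.h>

/* Labels for this example only: the queue freeze and the queue limits lock. */
enum res { Q_FREEZE, Q_LIMITS, NRES };

/* held_before[a][b] = 1 when some recorded path held a while acquiring b. */
static int held_before[NRES][NRES];

/* Record one code path as the ordered list of resources it acquires.
 * Returns how many pairwise (ABBA) inversions it creates against the
 * paths recorded so far. Longer cycles are out of scope here. */
static int record_path(const enum res *order, int n)
{
    int inversions = 0;
    for (int i = 0; i < n; i++)
        for (int j = i + 1; j < n; j++) {
            if (held_before[order[j]][order[i]])
                inversions++;
            held_before[order[i]][order[j]] = 1;
        }
    return inversions;
}

/* Driver revalidation: limits lock held, then a command is issued to the
 * device, which needs the queue to be unfrozen. */
static const enum res driver_revalidate[] = { Q_LIMITS, Q_FREEZE };
/* sysfs store as described in the advisory: freeze, then limits lock. */
static const enum res store_freeze_first[] = { Q_FREEZE, Q_LIMITS };
/* sysfs store as recommended: limits lock, then freeze. */
static const enum res store_limits_first[] = { Q_LIMITS, Q_FREEZE };

/* Check one store-path ordering against the driver revalidation path. */
static int check(const enum res *store_path)
{
    memset(held_before, 0, sizeof held_before);
    record_path(driver_revalidate, 2);
    return record_path(store_path, 2);
}

int main(void)
{
    printf("store freezes first:      %d inversion(s)\n", check(store_freeze_first));
    printf("store locks limits first: %d inversion(s)\n", check(store_limits_first));
    return 0;
}
```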

Exploit

Fix

Weakness Enumeration: Improper Locking

Related Identifiers

BDU:2026-03992
CVE-2025-21807

Affected Products

Astra Linux
Debian
Linux Kernel