In the Linux kernel, the following vulnerability has been resolved:
block: fix queue freeze vs limits lock order in sysfs store methods
queue_attr_store() always freezes a device queue before calling the attribute store operation. For attributes that control queue limits, the store operation will also lock the queue limits with a call to queue_limits_start_update(). However, some drivers (e.g. SCSI sd) may need to issue commands to a device to obtain limit values from the hardware with the queue limits locked. This creates a potential ABBA deadlock situation if a user attempts to modify a limit (thus freezing the device queue) while the device driver starts a revalidation of the device queue limits.
Avoid such deadlock by not freezing the queue before calling the ->store_limit() method in struct queue_sysfs_entry and instead use the queue_limits_commit_update_frozen helper to freeze the queue after taking the limits lock.
This also removes taking the sysfs lock for the store_limit method as it doesn't protect anything here, but creates even more nesting. Hopefully it will go away from the actual sysfs methods entirely soon.
(commit log adapted from a similar patch from Damien Le Moal)
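The lock-order inversion described in the commit log can be checked mechanically, in the way a lock-order validator does. The following is an added example, not code from the kernel or from the patch: it models the queue freeze and the limits lock as two resources (the names Q_FREEZE, LIMITS_LOCK and all function names are assumptions of this sketch), records the acquisition order of each code path, and reports whether the combined orders contain a cycle.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Constructed model: the two resources named in the commit log. */
enum { Q_FREEZE, LIMITS_LOCK, NLOCKS };
/* order[a][b] is true when some path acquires b while holding a. */
static bool order[NLOCKS][NLOCKS];

/* Record every "held, then acquired" pair for one code path. */
static void record_path(const int *seq, int n)
{
    for (int i = 0; i < n; i++)
        for (int j = i + 1; j < n; j++)
            order[seq[i]][seq[j]] = true;
}

/* True if the recorded orders form a cycle (ABBA or longer). */
static bool has_inversion(void)
{
    bool reach[NLOCKS][NLOCKS];
    memcpy(reach, order, sizeof(reach));
    for (int k = 0; k < NLOCKS; k++)          /* transitive closure */
        for (int i = 0; i < NLOCKS; i++)
            for (int j = 0; j < NLOCKS; j++)
                if (reach[i][k] && reach[k][j]) reach[i][j] = true;
    for (int i = 0; i < NLOCKS; i++)
        if (reach[i][i])
            return true;
    return false;
}

/* Acquisition orders taken from the commit log (simplified to two steps). */
static const int revalidate[] = { LIMITS_LOCK, Q_FREEZE }; /* driver: I/O needs an unfrozen queue */
static const int store_old[]  = { Q_FREEZE, LIMITS_LOCK }; /* sysfs store before the fix */
static const int store_new[]  = { LIMITS_LOCK, Q_FREEZE }; /* sysfs store after the fix */

bool sysfs_store_can_deadlock(bool fixed)
{
    memset(order, 0, sizeof(order));
    record_path(revalidate, 2);
    record_path(fixed ? store_new : store_old, 2);
    return has_inversion();
}

int main(void)
{
    printf("before fix: %d, after fix: %d\n",
           sysfs_store_can_deadlock(false), sysfs_store_can_deadlock(true));
    return 0;
}
```

Treating the driver's command submission as an acquisition of the freeze resource is a simplification: the I/O does not freeze the queue, it waits for the queue to be unfrozen, which creates the same ordering dependency.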
[
{
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@8985da5481562e96b95e94ed8e5cc9b6565eb82b",
"id": "CVE-2025-21807-0d401822",
"signature_version": "v1",
"target": {
"function": "queue_attr_store",
"file": "block/blk-sysfs.c"
},
"signature_type": "Function",
"digest": {
"function_hash": "169356698928164053068873210894823340306",
"length": 788.0
}
},
{
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c99f66e4084a62a2cc401c4704a84328aeddc9ec",
"id": "CVE-2025-21807-6d5e2842",
"signature_version": "v1",
"target": {
"file": "block/blk-sysfs.c"
},
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"105039716789319062550774908522884969270",
"99187983292771508872140457623950691456",
"214908463432338306771306272619357420857",
"335308018436230196973598998135911897674",
"63174987953510445084342783025071997461",
"75453785839245231802581847755915942578",
"314039757623104485921942077042802876667",
"154136930815535956793940007417502346047",
"144543442489268082574335043056283821139",
"280084462506995825639217556874769030072",
"246095062063157817756134936116180974083",
"261433920216568434075640034302145032276",
"287782393885150974381805571756178784772",
"283547972158494893572196536108118303920",
"140374234290100837321446773858990790213",
"232683002144226974668152376164599195211",
"43021241529365296548020589789277086483",
"212706664254667333340375064352560467372"
]
}
},
{
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@8985da5481562e96b95e94ed8e5cc9b6565eb82b",
"id": "CVE-2025-21807-a2592d8c",
"signature_version": "v1",
"target": {
"file": "block/blk-sysfs.c"
},
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"105039716789319062550774908522884969270",
"99187983292771508872140457623950691456",
"214908463432338306771306272619357420857",
"335308018436230196973598998135911897674",
"63174987953510445084342783025071997461",
"75453785839245231802581847755915942578",
"314039757623104485921942077042802876667",
"154136930815535956793940007417502346047",
"144543442489268082574335043056283821139",
"280084462506995825639217556874769030072",
"246095062063157817756134936116180974083",
"261433920216568434075640034302145032276",
"287782393885150974381805571756178784772",
"283547972158494893572196536108118303920",
"140374234290100837321446773858990790213",
"232683002144226974668152376164599195211",
"43021241529365296548020589789277086483",
"212706664254667333340375064352560467372"
]
}
},
{
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c99f66e4084a62a2cc401c4704a84328aeddc9ec",
"id": "CVE-2025-21807-ac2f1592",
"signature_version": "v1",
"target": {
"function": "queue_attr_store",
"file": "block/blk-sysfs.c"
},
"signature_type": "Function",
"digest": {
"function_hash": "169356698928164053068873210894823340306",
"length": 788.0
}
}
]