CVE-2025-37907

Source
https://nvd.nist.gov/vuln/detail/CVE-2025-37907
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-37907.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-37907
Published
2025-05-20T15:21:40.482Z
Modified
2025-11-20T08:57:16.833678Z
Summary
accel/ivpu: Fix locking order in ivpu_job_submit
Details

In the Linux kernel, the following vulnerability has been resolved:

accel/ivpu: Fix locking order in ivpu_job_submit

Fix deadlock in job submission and abort handling. When a thread aborts currently executing jobs due to a fault, it first locks the global lock protecting submitted_jobs (#1).

After the last job is destroyed, it proceeds to release the related context and locks file_priv (#2). Meanwhile, in the job submission thread, the file_priv lock (#2) is taken first, and then the submitted_jobs lock (#1) is obtained when a job is added to the submitted jobs list.

    CPU0                                  CPU1
    ----                                  ----
    (for example due to a fault)          (jobs submissions keep coming)

    lock(&vdev->submitted_jobs_lock) #1
    ivpu_jobs_abort_all()
    job_destroy()
                                          lock(&file_priv->lock)           #2
                                          lock(&vdev->submitted_jobs_lock) #1
    file_priv_release()
    lock(&vdev->context_list_lock)
    lock(&file_priv->lock)           #2

This order of locking causes a deadlock. To resolve this issue, change the order of locking in ivpu_job_submit().
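The inversion described above, modeled as a lockdep-style ordering check (an added example, not code from the kernel or from this advisory). The lock names come from the advisory; the helper names, the nested acquisition sequences, and the post-fix order (#1 before #2, inferred from "change the order of locking") are assumptions.

```c
#include <stdbool.h>
#include <stdio.h>

enum lock_id { SUBMITTED_JOBS_LOCK, CONTEXT_LIST_LOCK, FILE_PRIV_LOCK, NLOCKS };
struct lock_graph { bool dep[NLOCKS][NLOCKS]; };  /* dep[a][b]: b taken while a held */

/* Record held -> acquired edges for one path (assumed nested, no unlocks). */
static void record_path(struct lock_graph *g, const enum lock_id *seq, size_t n)
{
    for (size_t i = 0; i < n; i++)
        for (size_t j = i + 1; j < n; j++)
            g->dep[seq[i]][seq[j]] = true;
}

/* Depth-first search: is `to` reachable from `from` along recorded edges? */
static bool reaches(const struct lock_graph *g, int from, int to, bool *seen)
{
    if (from == to) return true;
    seen[from] = true;
    for (int k = 0; k < NLOCKS; k++)
        if (g->dep[from][k] && !seen[k] && reaches(g, k, to, seen))
            return true;
    return false;
}

/* Constructed sequences: CPU0 abort path, then submit before/after the fix. */
const enum lock_id abort_path[] = { SUBMITTED_JOBS_LOCK, CONTEXT_LIST_LOCK, FILE_PRIV_LOCK };
const enum lock_id submit_before[] = { FILE_PRIV_LOCK, SUBMITTED_JOBS_LOCK };
const enum lock_id submit_after[] = { SUBMITTED_JOBS_LOCK, FILE_PRIV_LOCK };

/* True when the abort path plus the given submit path form a lock-order cycle. */
bool model_deadlocks(const enum lock_id *submit, size_t n)
{
    struct lock_graph g = { 0 };
    record_path(&g, abort_path, 3);
    record_path(&g, submit, n);
    for (int a = 0; a < NLOCKS; a++)
        for (int b = 0; b < NLOCKS; b++) {
            bool seen[NLOCKS] = { false };
            if (a != b && g.dep[a][b] && reaches(&g, b, a, seen))
                return true;
        }
    return false;
}

int main(void)
{
    printf("before fix: %d, after fix: %d\n",
           model_deadlocks(submit_before, 2), model_deadlocks(submit_after, 2));
    return 0;
}
```

On a real kernel, building with CONFIG_PROVE_LOCKING lets lockdep report this class of inversion at runtime from the first occurrence of each ordering, without needing the deadlock to actually trigger.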

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
35b137630f08d913fc2e33df33ccc2570dff3f7d
Fixed
079d2622f8c9e0c380149645fff21d35c59ce6ff
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
35b137630f08d913fc2e33df33ccc2570dff3f7d
Fixed
b9b70924a272c2d72023306bc56f521c056212ee
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
35b137630f08d913fc2e33df33ccc2570dff3f7d
Fixed
ab680dc6c78aa035e944ecc8c48a1caab9f39924

Affected versions

v6.*

v6.10
v6.10-rc1
v6.10-rc2
v6.10-rc3
v6.10-rc4
v6.10-rc5
v6.10-rc6
v6.10-rc7
v6.11
v6.11-rc1
v6.11-rc2
v6.11-rc3
v6.11-rc4
v6.11-rc5
v6.11-rc6
v6.11-rc7
v6.12
v6.12-rc1
v6.12-rc2
v6.12-rc3
v6.12-rc4
v6.12-rc5
v6.12-rc6
v6.12-rc7
v6.12.1
v6.12.10
v6.12.11
v6.12.12
v6.12.13
v6.12.14
v6.12.15
v6.12.16
v6.12.17
v6.12.18
v6.12.19
v6.12.2
v6.12.20
v6.12.21
v6.12.22
v6.12.23
v6.12.24
v6.12.25
v6.12.26
v6.12.27
v6.12.3
v6.12.4
v6.12.5
v6.12.6
v6.12.7
v6.12.8
v6.12.9
v6.13
v6.13-rc1
v6.13-rc2
v6.13-rc3
v6.13-rc4
v6.13-rc5
v6.13-rc6
v6.13-rc7
v6.14
v6.14-rc1
v6.14-rc2
v6.14-rc3
v6.14-rc4
v6.14-rc5
v6.14-rc6
v6.14-rc7
v6.14.1
v6.14.2
v6.14.3
v6.14.4
v6.14.5
v6.2
v6.2-rc3
v6.2-rc4
v6.2-rc5
v6.2-rc6
v6.2-rc7
v6.2-rc8
v6.3
v6.3-rc1
v6.3-rc2
v6.3-rc3
v6.3-rc4
v6.3-rc5
v6.3-rc6
v6.3-rc7
v6.4
v6.4-rc1
v6.4-rc2
v6.4-rc3
v6.4-rc4
v6.4-rc5
v6.4-rc6
v6.4-rc7
v6.5
v6.5-rc1
v6.5-rc2
v6.5-rc3
v6.5-rc4
v6.5-rc5
v6.5-rc6
v6.5-rc7
v6.6
v6.6-rc1
v6.6-rc2
v6.6-rc3
v6.6-rc4
v6.6-rc5
v6.6-rc6
v6.6-rc7
v6.7
v6.7-rc1
v6.7-rc2
v6.7-rc3
v6.7-rc4
v6.7-rc5
v6.7-rc6
v6.7-rc7
v6.7-rc8
v6.8
v6.8-rc1
v6.8-rc2
v6.8-rc3
v6.8-rc4
v6.8-rc5
v6.8-rc6
v6.8-rc7
v6.9
v6.9-rc1
v6.9-rc2
v6.9-rc3
v6.9-rc4
v6.9-rc5
v6.9-rc6
v6.9-rc7

Database specific

vanir_signatures

[
    {
        "id": "CVE-2025-37907-41798ade",
        "target": {
            "function": "ivpu_job_submit",
            "file": "drivers/accel/ivpu/ivpu_job.c"
        },
        "signature_version": "v1",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b9b70924a272c2d72023306bc56f521c056212ee",
        "deprecated": false,
        "digest": {
            "length": 1916.0,
            "function_hash": "271052658405214327173442682060603951627"
        },
        "signature_type": "Function"
    },
    {
        "id": "CVE-2025-37907-6ef8c8ee",
        "target": {
            "file": "drivers/accel/ivpu/ivpu_job.c"
        },
        "signature_version": "v1",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@ab680dc6c78aa035e944ecc8c48a1caab9f39924",
        "deprecated": false,
        "digest": {
            "line_hashes": [
            ],
            "threshold": 0.9
        },
        "signature_type": "Line"
    },
    {
        "id": "CVE-2025-37907-d2bade19",
        "target": {
            "file": "drivers/accel/ivpu/ivpu_job.c"
        },
        "signature_version": "v1",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b9b70924a272c2d72023306bc56f521c056212ee",
        "deprecated": false,
        "digest": {
            "line_hashes": [
            ],
            "threshold": 0.9
        },
        "signature_type": "Line"
    },
    {
        "id": "CVE-2025-37907-f3a4d8cc",
        "target": {
            "function": "ivpu_job_submit",
            "file": "drivers/accel/ivpu/ivpu_job.c"
        },
        "signature_version": "v1",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@ab680dc6c78aa035e944ecc8c48a1caab9f39924",
        "deprecated": false,
        "digest": {
            "length": 2116.0,
            "function_hash": "7492412096603691588424757321552881829"
        },
        "signature_type": "Function"
    }
]

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.3.0
Fixed
6.12.28
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.14.6