CVE-2025-40142

sndpcmgrouplockirq() acquires a spinlockt and disables interrupts via spinlockirq(). This also implicitly disables the handling of softirqs such as TIMERSOFTIRQ. On PREEMPTRT softirqs are preemptible and spinlockirq() does not disable them. That means a timer can be invoked during spinlockirq() on the same CPU. Due to synchronisations reasons localbhdisable() has a per-CPU lock named softirqctrl.lock which synchronizes individual softirq against each other. syz-bot managed to trigger a lockdep report where softirqctrl.lock is acquired in hrtimercancel() in addition to hrtimerrunsoftirq(). This is a possible deadlock.

The softirqctrl.lock can not be made part of spinlock_irq() as this would lead to too much synchronisation against individual threads on the system. To avoid the possible deadlock, softirqs must be manually disabled before the lock is acquired.

Disable softirqs before the lock is acquired on PREEMPT_RT.

Database specific

{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/40xxx/CVE-2025-40142.json"
}

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

d2d6422f8bd17c6bb205133e290625a564194496

Fixed

63ee96c7f47df239ee0a6e8108b6bfd8c98334ae

Fixed

3969b6193cb7a45aa5fb4ec68f215e9e7f93d39a

Fixed

9fc4a3da9a0259a0500848b5d8657918efde176b

Affected versions

v6.*

v6.12

v6.12-rc1

v6.12-rc2

v6.12-rc3

v6.12-rc4

v6.12-rc5

v6.12-rc6

v6.12-rc7

v6.12.1

v6.12.10

v6.12.11

v6.12.12

v6.12.13

v6.12.14

v6.12.15

v6.12.16

v6.12.17

v6.12.18

v6.12.19

v6.12.2

v6.12.20

v6.12.21

v6.12.22

v6.12.23

v6.12.24

v6.12.25

v6.12.26

v6.12.27

v6.12.28

v6.12.29

v6.12.3

v6.12.30

v6.12.31

v6.12.32

v6.12.33

v6.12.34

v6.12.35

v6.12.36

v6.12.37

v6.12.38

v6.12.39

v6.12.4

v6.12.40

v6.12.41

v6.12.42

v6.12.43

v6.12.44

v6.12.45

v6.12.46

v6.12.47

v6.12.48

v6.12.49

v6.12.5

v6.12.50

v6.12.51

v6.12.52

v6.12.6

v6.12.7

v6.12.8

v6.12.9

v6.13

v6.13-rc1

v6.13-rc2

v6.13-rc3

v6.13-rc4

v6.13-rc5

v6.13-rc6

v6.13-rc7

v6.14

v6.14-rc1

v6.14-rc2

v6.14-rc3

v6.14-rc4

v6.14-rc5

v6.14-rc6

v6.14-rc7

v6.15

v6.15-rc1

v6.15-rc2

v6.15-rc3

v6.15-rc4

v6.15-rc5

v6.15-rc6

v6.15-rc7

v6.16

v6.16-rc1

v6.16-rc2

v6.16-rc3

v6.16-rc4

v6.16-rc5

v6.16-rc6

v6.16-rc7

v6.17

v6.17-rc1

v6.17-rc2

v6.17-rc3

v6.17-rc4

v6.17-rc5

v6.17-rc6

v6.17-rc7

v6.17.1

v6.17.2

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-40142.json"

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

6.12.0

Fixed

6.12.53

Type: ECOSYSTEM
Events: Introduced

6.13.0

Fixed

6.17.3

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-40142.json"