DEBIAN-CVE-2025-40142
- Source
- https://security-tracker.debian.org/tracker/CVE-2025-40142
- Import Source
- https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2025-40142.json
- JSON Data
- https://api.osv.dev/v1/vulns/DEBIAN-CVE-2025-40142
- Upstream
- Published
- 2025-11-12T11:15:44.017Z
- Modified
- 2025-11-21T03:14:41.932427Z
- Summary
- [none]
- Details
-
In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: Disable bottom softirqs as part of spinlockirq() on PREEMPTRT sndpcmgrouplockirq() acquires a spinlockt and disables interrupts via spinlockirq(). This also implicitly disables the handling of softirqs such as TIMERSOFTIRQ. On PREEMPTRT softirqs are preemptible and spinlockirq() does not disable them. That means a timer can be invoked during spinlockirq() on the same CPU. Due to synchronisations reasons localbhdisable() has a per-CPU lock named softirqctrl.lock which synchronizes individual softirq against each other. syz-bot managed to trigger a lockdep report where softirqctrl.lock is acquired in hrtimercancel() in addition to hrtimerrunsoftirq(). This is a possible deadlock. The softirqctrl.lock can not be made part of spinlockirq() as this would lead to too much synchronisation against individual threads on the system. To avoid the possible deadlock, softirqs must be manually disabled before the lock is acquired. Disable softirqs before the lock is acquired on PREEMPT_RT.
- References
Affected packages
Debian:13 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Debian:14 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed6.17.6-1