CVE-2025-21951 (GCVE-0-2025-21951)

Vulnerability from cvelistv5 – Published: 2025-04-01 15:41 – Updated: 2026-05-11 21:09
VLAI
Title
bus: mhi: host: pci_generic: Use pci_try_reset_function() to avoid deadlock
Summary
In the Linux kernel, the following vulnerability has been resolved: bus: mhi: host: pci_generic: Use pci_try_reset_function() to avoid deadlock There are multiple places from where the recovery work gets scheduled asynchronously. Also, there are multiple places where the caller waits synchronously for the recovery to be completed. One such place is during the PM shutdown() callback. If the device is not alive during recovery_work, it will try to reset the device using pci_reset_function(). This function internally will take the device_lock() first before resetting the device. By this time, if the lock has already been acquired, then recovery_work will get stalled while waiting for the lock. And if the lock was already acquired by the caller which waits for the recovery_work to be completed, it will lead to deadlock. This is what happened on the X1E80100 CRD device when the device died before shutdown() callback. Driver core calls the driver's shutdown() callback while holding the device_lock() leading to deadlock. And this deadlock scenario can occur on other paths as well, like during the PM suspend() callback, where the driver core would hold the device_lock() before calling driver's suspend() callback. And if the recovery_work was already started, it could lead to deadlock. This is also observed on the X1E80100 CRD. So to fix both issues, use pci_try_reset_function() in recovery_work. This function first checks for the availability of the device_lock() before trying to reset the device. If the lock is available, it will acquire it and reset the device. Otherwise, it will return -EAGAIN. If that happens, recovery_work will fail with the error message "Recovery failed" as not much could be done.
Severity
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
Impacted products
Vendor Product Version
Linux Linux Affected: 7389337f0a78ea099c47f0af08f64f20c52ab4ba , < 7746f3bb8917fccb4571a576f3837d80fc513054 (git)
Affected: 7389337f0a78ea099c47f0af08f64f20c52ab4ba , < 7a5ffadd54fe2662f5c99cdccf30144d060376f7 (git)
Affected: 7389337f0a78ea099c47f0af08f64f20c52ab4ba , < 1f9eb7078bc6b5fb5cbfbcb37c4bc01685332b95 (git)
Affected: 7389337f0a78ea099c47f0af08f64f20c52ab4ba , < 985d3cf56d8745ca637deee273929e01df449f85 (git)
Affected: 7389337f0a78ea099c47f0af08f64f20c52ab4ba , < 62505657475c245c9cd46e42ac01026d1e61f027 (git)
Affected: 7389337f0a78ea099c47f0af08f64f20c52ab4ba , < a321d163de3d8aa38a6449ab2becf4b1581aed96 (git)
Create a notification for this product.
Linux Linux Affected: 5.12
Unaffected: 0 , < 5.12 (semver)
Unaffected: 5.15.179 , ≤ 5.15.* (semver)
Unaffected: 6.1.131 , ≤ 6.1.* (semver)
Unaffected: 6.6.83 , ≤ 6.6.* (semver)
Unaffected: 6.12.19 , ≤ 6.12.* (semver)
Unaffected: 6.13.7 , ≤ 6.13.* (semver)
Unaffected: 6.14 , ≤ * (original_commit_for_fix)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-21951",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-01T17:16:49.794913Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-667",
                "description": "CWE-667 Improper Locking",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-01T17:16:52.646Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T19:39:52.892Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/bus/mhi/host/pci_generic.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "7746f3bb8917fccb4571a576f3837d80fc513054",
              "status": "affected",
              "version": "7389337f0a78ea099c47f0af08f64f20c52ab4ba",
              "versionType": "git"
            },
            {
              "lessThan": "7a5ffadd54fe2662f5c99cdccf30144d060376f7",
              "status": "affected",
              "version": "7389337f0a78ea099c47f0af08f64f20c52ab4ba",
              "versionType": "git"
            },
            {
              "lessThan": "1f9eb7078bc6b5fb5cbfbcb37c4bc01685332b95",
              "status": "affected",
              "version": "7389337f0a78ea099c47f0af08f64f20c52ab4ba",
              "versionType": "git"
            },
            {
              "lessThan": "985d3cf56d8745ca637deee273929e01df449f85",
              "status": "affected",
              "version": "7389337f0a78ea099c47f0af08f64f20c52ab4ba",
              "versionType": "git"
            },
            {
              "lessThan": "62505657475c245c9cd46e42ac01026d1e61f027",
              "status": "affected",
              "version": "7389337f0a78ea099c47f0af08f64f20c52ab4ba",
              "versionType": "git"
            },
            {
              "lessThan": "a321d163de3d8aa38a6449ab2becf4b1581aed96",
              "status": "affected",
              "version": "7389337f0a78ea099c47f0af08f64f20c52ab4ba",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/bus/mhi/host/pci_generic.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.12"
            },
            {
              "lessThan": "5.12",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.179",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.131",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.83",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.19",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.13.*",
              "status": "unaffected",
              "version": "6.13.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.14",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.179",
                  "versionStartIncluding": "5.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.131",
                  "versionStartIncluding": "5.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.83",
                  "versionStartIncluding": "5.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.19",
                  "versionStartIncluding": "5.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13.7",
                  "versionStartIncluding": "5.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.14",
                  "versionStartIncluding": "5.12",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbus: mhi: host: pci_generic: Use pci_try_reset_function() to avoid deadlock\n\nThere are multiple places from where the recovery work gets scheduled\nasynchronously. Also, there are multiple places where the caller waits\nsynchronously for the recovery to be completed. One such place is during\nthe PM shutdown() callback.\n\nIf the device is not alive during recovery_work, it will try to reset the\ndevice using pci_reset_function(). This function internally will take the\ndevice_lock() first before resetting the device. By this time, if the lock\nhas already been acquired, then recovery_work will get stalled while\nwaiting for the lock. And if the lock was already acquired by the caller\nwhich waits for the recovery_work to be completed, it will lead to\ndeadlock.\n\nThis is what happened on the X1E80100 CRD device when the device died\nbefore shutdown() callback. Driver core calls the driver\u0027s shutdown()\ncallback while holding the device_lock() leading to deadlock.\n\nAnd this deadlock scenario can occur on other paths as well, like during\nthe PM suspend() callback, where the driver core would hold the\ndevice_lock() before calling driver\u0027s suspend() callback. And if the\nrecovery_work was already started, it could lead to deadlock. This is also\nobserved on the X1E80100 CRD.\n\nSo to fix both issues, use pci_try_reset_function() in recovery_work. This\nfunction first checks for the availability of the device_lock() before\ntrying to reset the device. If the lock is available, it will acquire it\nand reset the device. Otherwise, it will return -EAGAIN. If that happens,\nrecovery_work will fail with the error message \"Recovery failed\" as not\nmuch could be done."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T21:09:41.957Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/7746f3bb8917fccb4571a576f3837d80fc513054"
        },
        {
          "url": "https://git.kernel.org/stable/c/7a5ffadd54fe2662f5c99cdccf30144d060376f7"
        },
        {
          "url": "https://git.kernel.org/stable/c/1f9eb7078bc6b5fb5cbfbcb37c4bc01685332b95"
        },
        {
          "url": "https://git.kernel.org/stable/c/985d3cf56d8745ca637deee273929e01df449f85"
        },
        {
          "url": "https://git.kernel.org/stable/c/62505657475c245c9cd46e42ac01026d1e61f027"
        },
        {
          "url": "https://git.kernel.org/stable/c/a321d163de3d8aa38a6449ab2becf4b1581aed96"
        }
      ],
      "title": "bus: mhi: host: pci_generic: Use pci_try_reset_function() to avoid deadlock",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-21951",
    "datePublished": "2025-04-01T15:41:11.487Z",
    "dateReserved": "2024-12-29T08:45:45.790Z",
    "dateUpdated": "2026-05-11T21:09:41.957Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2025-21951",
      "date": "2026-06-28",
      "epss": "0.00134",
      "percentile": "0.03253"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-21951\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-04-01T16:15:26.297\",\"lastModified\":\"2026-06-17T08:44:41.577\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nbus: mhi: host: pci_generic: Use pci_try_reset_function() to avoid deadlock\\n\\nThere are multiple places from where the recovery work gets scheduled\\nasynchronously. Also, there are multiple places where the caller waits\\nsynchronously for the recovery to be completed. One such place is during\\nthe PM shutdown() callback.\\n\\nIf the device is not alive during recovery_work, it will try to reset the\\ndevice using pci_reset_function(). This function internally will take the\\ndevice_lock() first before resetting the device. By this time, if the lock\\nhas already been acquired, then recovery_work will get stalled while\\nwaiting for the lock. And if the lock was already acquired by the caller\\nwhich waits for the recovery_work to be completed, it will lead to\\ndeadlock.\\n\\nThis is what happened on the X1E80100 CRD device when the device died\\nbefore shutdown() callback. Driver core calls the driver\u0027s shutdown()\\ncallback while holding the device_lock() leading to deadlock.\\n\\nAnd this deadlock scenario can occur on other paths as well, like during\\nthe PM suspend() callback, where the driver core would hold the\\ndevice_lock() before calling driver\u0027s suspend() callback. And if the\\nrecovery_work was already started, it could lead to deadlock. This is also\\nobserved on the X1E80100 CRD.\\n\\nSo to fix both issues, use pci_try_reset_function() in recovery_work. This\\nfunction first checks for the availability of the device_lock() before\\ntrying to reset the device. If the lock is available, it will acquire it\\nand reset the device. Otherwise, it will return -EAGAIN. If that happens,\\nrecovery_work will fail with the error message \\\"Recovery failed\\\" as not\\nmuch could be done.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: bus: mhi: host: pci_generic: Use pci_try_reset_function() para evitar el interbloqueo Hay varios lugares desde donde el trabajo de recuperaci\u00f3n se programa de forma as\u00edncrona. Adem\u00e1s, hay varios lugares donde el llamador espera de forma s\u00edncrona a que se complete la recuperaci\u00f3n. Uno de esos lugares es durante la devoluci\u00f3n de llamada de PM shutdown(). Si el dispositivo no est\u00e1 activo durante recovery_work, intentar\u00e1 reiniciar el dispositivo utilizando pci_reset_function(). Esta funci\u00f3n tomar\u00e1 internamente primero device_lock() antes de reiniciar el dispositivo. En este momento, si el bloqueo ya se ha adquirido, entonces recovery_work se detendr\u00e1 mientras espera el bloqueo. Y si el bloqueo ya fue adquirido por el llamador que espera a que se complete recovery_work, provocar\u00e1 un interbloqueo. Esto es lo que ocurri\u00f3 en el dispositivo X1E80100 CRD cuando el dispositivo muri\u00f3 antes de la devoluci\u00f3n de llamada de shutdown(). El n\u00facleo del controlador llama a la devoluci\u00f3n de llamada de apagado () del controlador mientras mantiene el device_lock(), lo que provoca un interbloqueo. Este bloqueo tambi\u00e9n puede ocurrir en otras rutas, como durante la devoluci\u00f3n de llamada suspend() de PM, donde el n\u00facleo del controlador mantendr\u00eda el bloqueo_de_dispositivo() antes de llamar a la devoluci\u00f3n de llamada suspend() del controlador. Si el trabajo de recuperaci\u00f3n ya se hab\u00eda iniciado, podr\u00eda provocar un bloqueo. Esto tambi\u00e9n se observa en el CRD X1E80100. Para solucionar ambos problemas, utilice pci_try_reset_function() en el trabajo de recuperaci\u00f3n. Esta funci\u00f3n primero comprueba la disponibilidad del bloqueo_de_dispositivo() antes de intentar reiniciar el dispositivo. Si el bloqueo est\u00e1 disponible, lo adquirir\u00e1 y reiniciar\u00e1 el dispositivo. De lo contrario, devolver\u00e1 -EAGAIN. En este caso, el trabajo de recuperaci\u00f3n fallar\u00e1 con el mensaje de error \\\"Error de recuperaci\u00f3n\\\", ya que no se pudo hacer mucho.\"}],\"affected\":[{\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"affectedData\":[{\"vendor\":\"Linux\",\"product\":\"Linux\",\"defaultStatus\":\"unaffected\",\"programFiles\":[\"drivers/bus/mhi/host/pci_generic.c\"],\"repo\":\"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\",\"versions\":[{\"version\":\"7389337f0a78ea099c47f0af08f64f20c52ab4ba\",\"lessThan\":\"7746f3bb8917fccb4571a576f3837d80fc513054\",\"versionType\":\"git\",\"status\":\"affected\"},{\"version\":\"7389337f0a78ea099c47f0af08f64f20c52ab4ba\",\"lessThan\":\"7a5ffadd54fe2662f5c99cdccf30144d060376f7\",\"versionType\":\"git\",\"status\":\"affected\"},{\"version\":\"7389337f0a78ea099c47f0af08f64f20c52ab4ba\",\"lessThan\":\"1f9eb7078bc6b5fb5cbfbcb37c4bc01685332b95\",\"versionType\":\"git\",\"status\":\"affected\"},{\"version\":\"7389337f0a78ea099c47f0af08f64f20c52ab4ba\",\"lessThan\":\"985d3cf56d8745ca637deee273929e01df449f85\",\"versionType\":\"git\",\"status\":\"affected\"},{\"version\":\"7389337f0a78ea099c47f0af08f64f20c52ab4ba\",\"lessThan\":\"62505657475c245c9cd46e42ac01026d1e61f027\",\"versionType\":\"git\",\"status\":\"affected\"},{\"version\":\"7389337f0a78ea099c47f0af08f64f20c52ab4ba\",\"lessThan\":\"a321d163de3d8aa38a6449ab2becf4b1581aed96\",\"versionType\":\"git\",\"status\":\"affected\"}]},{\"vendor\":\"Linux\",\"product\":\"Linux\",\"defaultStatus\":\"affected\",\"programFiles\":[\"drivers/bus/mhi/host/pci_generic.c\"],\"repo\":\"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\",\"versions\":[{\"version\":\"5.12\",\"status\":\"affected\"},{\"version\":\"0\",\"lessThan\":\"5.12\",\"versionType\":\"semver\",\"status\":\"unaffected\"},{\"version\":\"5.15.179\",\"lessThanOrEqual\":\"5.15.*\",\"versionType\":\"semver\",\"status\":\"unaffected\"},{\"version\":\"6.1.131\",\"lessThanOrEqual\":\"6.1.*\",\"versionType\":\"semver\",\"status\":\"unaffected\"},{\"version\":\"6.6.83\",\"lessThanOrEqual\":\"6.6.*\",\"versionType\":\"semver\",\"status\":\"unaffected\"},{\"version\":\"6.12.19\",\"lessThanOrEqual\":\"6.12.*\",\"versionType\":\"semver\",\"status\":\"unaffected\"},{\"version\":\"6.13.7\",\"lessThanOrEqual\":\"6.13.*\",\"versionType\":\"semver\",\"status\":\"unaffected\"},{\"version\":\"6.14\",\"lessThanOrEqual\":\"*\",\"versionType\":\"original_commit_for_fix\",\"status\":\"unaffected\"}]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2025-10-01T17:16:49.794913Z\",\"id\":\"CVE-2025-21951\",\"options\":[{\"exploitation\":\"none\"},{\"automatable\":\"no\"},{\"technicalImpact\":\"partial\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-667\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-667\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.12\",\"versionEndExcluding\":\"5.15.179\",\"matchCriteriaId\":\"F8D59378-B1BE-4F89-B688-A1FCE28B723F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.16\",\"versionEndExcluding\":\"6.1.131\",\"matchCriteriaId\":\"BA9C2DE3-D37C-46C6-8DCD-2EE509456E0B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.2\",\"versionEndExcluding\":\"6.6.83\",\"matchCriteriaId\":\"7D9F642F-6E05-4926-B0FE-62F95B7266BC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.7\",\"versionEndExcluding\":\"6.12.19\",\"matchCriteriaId\":\"32865E5C-8AE1-4D3D-A64D-299039694A88\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.13\",\"versionEndExcluding\":\"6.13.7\",\"matchCriteriaId\":\"842F5A44-3E71-4546-B4FD-43B0ACE3F32B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.14:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"186716B6-2B66-4BD0-852E-D48E71C0C85F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.14:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"0D3E781C-403A-498F-9DA9-ECEE50F41E75\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.14:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"66619FB8-0AAF-4166-B2CF-67B24143261D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.14:rc4:*:*:*:*:*:*\",\"matchCriteriaId\":\"D3D6550E-6679-4560-902D-AF52DCFE905B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.14:rc5:*:*:*:*:*:*\",\"matchCriteriaId\":\"45B90F6B-BEC7-4D4E-883A-9DBADE021750\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/1f9eb7078bc6b5fb5cbfbcb37c4bc01685332b95\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/62505657475c245c9cd46e42ac01026d1e61f027\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/7746f3bb8917fccb4571a576f3837d80fc513054\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/7a5ffadd54fe2662f5c99cdccf30144d060376f7\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/985d3cf56d8745ca637deee273929e01df449f85\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/a321d163de3d8aa38a6449ab2becf4b1581aed96\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-11-03T19:39:52.892Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.5, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"NONE\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-21951\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-10-01T17:16:49.794913Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-667\", \"description\": \"CWE-667 Improper Locking\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-10-01T14:38:19.369Z\"}}], \"cna\": {\"title\": \"bus: mhi: host: pci_generic: Use pci_try_reset_function() to avoid deadlock\", \"affected\": [{\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"7389337f0a78ea099c47f0af08f64f20c52ab4ba\", \"lessThan\": \"7746f3bb8917fccb4571a576f3837d80fc513054\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"7389337f0a78ea099c47f0af08f64f20c52ab4ba\", \"lessThan\": \"7a5ffadd54fe2662f5c99cdccf30144d060376f7\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"7389337f0a78ea099c47f0af08f64f20c52ab4ba\", \"lessThan\": \"1f9eb7078bc6b5fb5cbfbcb37c4bc01685332b95\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"7389337f0a78ea099c47f0af08f64f20c52ab4ba\", \"lessThan\": \"985d3cf56d8745ca637deee273929e01df449f85\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"7389337f0a78ea099c47f0af08f64f20c52ab4ba\", \"lessThan\": \"62505657475c245c9cd46e42ac01026d1e61f027\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"7389337f0a78ea099c47f0af08f64f20c52ab4ba\", \"lessThan\": \"a321d163de3d8aa38a6449ab2becf4b1581aed96\", \"versionType\": \"git\"}], \"programFiles\": [\"drivers/bus/mhi/host/pci_generic.c\"], \"defaultStatus\": \"unaffected\"}, {\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"5.12\"}, {\"status\": \"unaffected\", \"version\": \"0\", \"lessThan\": \"5.12\", \"versionType\": \"semver\"}, {\"status\": \"unaffected\", \"version\": \"5.15.179\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.15.*\"}, {\"status\": \"unaffected\", \"version\": \"6.1.131\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.1.*\"}, {\"status\": \"unaffected\", \"version\": \"6.6.83\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.6.*\"}, {\"status\": \"unaffected\", \"version\": \"6.12.19\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.12.*\"}, {\"status\": \"unaffected\", \"version\": \"6.13.7\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.13.*\"}, {\"status\": \"unaffected\", \"version\": \"6.14\", \"versionType\": \"original_commit_for_fix\", \"lessThanOrEqual\": \"*\"}], \"programFiles\": [\"drivers/bus/mhi/host/pci_generic.c\"], \"defaultStatus\": \"affected\"}], \"references\": [{\"url\": \"https://git.kernel.org/stable/c/7746f3bb8917fccb4571a576f3837d80fc513054\"}, {\"url\": \"https://git.kernel.org/stable/c/7a5ffadd54fe2662f5c99cdccf30144d060376f7\"}, {\"url\": \"https://git.kernel.org/stable/c/1f9eb7078bc6b5fb5cbfbcb37c4bc01685332b95\"}, {\"url\": \"https://git.kernel.org/stable/c/985d3cf56d8745ca637deee273929e01df449f85\"}, {\"url\": \"https://git.kernel.org/stable/c/62505657475c245c9cd46e42ac01026d1e61f027\"}, {\"url\": \"https://git.kernel.org/stable/c/a321d163de3d8aa38a6449ab2becf4b1581aed96\"}], \"x_generator\": {\"engine\": \"bippy-1.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"In the Linux kernel, the following vulnerability has been resolved:\\n\\nbus: mhi: host: pci_generic: Use pci_try_reset_function() to avoid deadlock\\n\\nThere are multiple places from where the recovery work gets scheduled\\nasynchronously. Also, there are multiple places where the caller waits\\nsynchronously for the recovery to be completed. One such place is during\\nthe PM shutdown() callback.\\n\\nIf the device is not alive during recovery_work, it will try to reset the\\ndevice using pci_reset_function(). This function internally will take the\\ndevice_lock() first before resetting the device. By this time, if the lock\\nhas already been acquired, then recovery_work will get stalled while\\nwaiting for the lock. And if the lock was already acquired by the caller\\nwhich waits for the recovery_work to be completed, it will lead to\\ndeadlock.\\n\\nThis is what happened on the X1E80100 CRD device when the device died\\nbefore shutdown() callback. Driver core calls the driver\u0027s shutdown()\\ncallback while holding the device_lock() leading to deadlock.\\n\\nAnd this deadlock scenario can occur on other paths as well, like during\\nthe PM suspend() callback, where the driver core would hold the\\ndevice_lock() before calling driver\u0027s suspend() callback. And if the\\nrecovery_work was already started, it could lead to deadlock. This is also\\nobserved on the X1E80100 CRD.\\n\\nSo to fix both issues, use pci_try_reset_function() in recovery_work. This\\nfunction first checks for the availability of the device_lock() before\\ntrying to reset the device. If the lock is available, it will acquire it\\nand reset the device. Otherwise, it will return -EAGAIN. If that happens,\\nrecovery_work will fail with the error message \\\"Recovery failed\\\" as not\\nmuch could be done.\"}], \"cpeApplicability\": [{\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"5.15.179\", \"versionStartIncluding\": \"5.12\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.1.131\", \"versionStartIncluding\": \"5.12\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.6.83\", \"versionStartIncluding\": \"5.12\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.12.19\", \"versionStartIncluding\": \"5.12\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.13.7\", \"versionStartIncluding\": \"5.12\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.14\", \"versionStartIncluding\": \"5.12\"}], \"operator\": \"OR\"}]}], \"providerMetadata\": {\"orgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"shortName\": \"Linux\", \"dateUpdated\": \"2026-05-11T21:09:41.957Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-21951\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-05-11T21:09:41.957Z\", \"dateReserved\": \"2024-12-29T08:45:45.790Z\", \"assignerOrgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"datePublished\": \"2025-04-01T15:41:11.487Z\", \"assignerShortName\": \"Linux\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.





Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Detection rules are retrieved from Rulezet.