CVE-2025-40142 (GCVE-0-2025-40142)

Vulnerability from cvelistv5 – Published: 2025-11-12 10:23 – Updated: 2025-12-01 06:18
VLAI?
Summary
In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: Disable bottom softirqs as part of spin_lock_irq() on PREEMPT_RT snd_pcm_group_lock_irq() acquires a spinlock_t and disables interrupts via spin_lock_irq(). This also implicitly disables the handling of softirqs such as TIMER_SOFTIRQ. On PREEMPT_RT softirqs are preemptible and spin_lock_irq() does not disable them. That means a timer can be invoked during spin_lock_irq() on the same CPU. Due to synchronisations reasons local_bh_disable() has a per-CPU lock named softirq_ctrl.lock which synchronizes individual softirq against each other. syz-bot managed to trigger a lockdep report where softirq_ctrl.lock is acquired in hrtimer_cancel() in addition to hrtimer_run_softirq(). This is a possible deadlock. The softirq_ctrl.lock can not be made part of spin_lock_irq() as this would lead to too much synchronisation against individual threads on the system. To avoid the possible deadlock, softirqs must be manually disabled before the lock is acquired. Disable softirqs before the lock is acquired on PREEMPT_RT.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
Vendor Product Version
Linux Linux Affected: d2d6422f8bd17c6bb205133e290625a564194496 , < 63ee96c7f47df239ee0a6e8108b6bfd8c98334ae (git)
Affected: d2d6422f8bd17c6bb205133e290625a564194496 , < 3969b6193cb7a45aa5fb4ec68f215e9e7f93d39a (git)
Affected: d2d6422f8bd17c6bb205133e290625a564194496 , < 9fc4a3da9a0259a0500848b5d8657918efde176b (git)
Create a notification for this product.
    Linux Linux Affected: 6.12
Unaffected: 0 , < 6.12 (semver)
Unaffected: 6.12.53 , ≤ 6.12.* (semver)
Unaffected: 6.17.3 , ≤ 6.17.* (semver)
Unaffected: 6.18 , ≤ * (original_commit_for_fix)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "sound/core/pcm_native.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "63ee96c7f47df239ee0a6e8108b6bfd8c98334ae",
              "status": "affected",
              "version": "d2d6422f8bd17c6bb205133e290625a564194496",
              "versionType": "git"
            },
            {
              "lessThan": "3969b6193cb7a45aa5fb4ec68f215e9e7f93d39a",
              "status": "affected",
              "version": "d2d6422f8bd17c6bb205133e290625a564194496",
              "versionType": "git"
            },
            {
              "lessThan": "9fc4a3da9a0259a0500848b5d8657918efde176b",
              "status": "affected",
              "version": "d2d6422f8bd17c6bb205133e290625a564194496",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "sound/core/pcm_native.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.12"
            },
            {
              "lessThan": "6.12",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.53",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.17.*",
              "status": "unaffected",
              "version": "6.17.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.18",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.53",
                  "versionStartIncluding": "6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.17.3",
                  "versionStartIncluding": "6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.18",
                  "versionStartIncluding": "6.12",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: pcm: Disable bottom softirqs as part of spin_lock_irq() on PREEMPT_RT\n\nsnd_pcm_group_lock_irq() acquires a spinlock_t and disables interrupts\nvia spin_lock_irq(). This also implicitly disables the handling of\nsoftirqs such as TIMER_SOFTIRQ.\nOn PREEMPT_RT softirqs are preemptible and spin_lock_irq() does not\ndisable them. That means a timer can be invoked during spin_lock_irq()\non the same CPU. Due to synchronisations reasons local_bh_disable() has\na per-CPU lock named softirq_ctrl.lock which synchronizes individual\nsoftirq against each other.\nsyz-bot managed to trigger a lockdep report where softirq_ctrl.lock is\nacquired in hrtimer_cancel() in addition to hrtimer_run_softirq(). This\nis a possible deadlock.\n\nThe softirq_ctrl.lock can not be made part of spin_lock_irq() as this\nwould lead to too much synchronisation against individual threads on the\nsystem. To avoid the possible deadlock, softirqs must be manually\ndisabled before the lock is acquired.\n\nDisable softirqs before the lock is acquired on PREEMPT_RT."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-01T06:18:50.792Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/63ee96c7f47df239ee0a6e8108b6bfd8c98334ae"
        },
        {
          "url": "https://git.kernel.org/stable/c/3969b6193cb7a45aa5fb4ec68f215e9e7f93d39a"
        },
        {
          "url": "https://git.kernel.org/stable/c/9fc4a3da9a0259a0500848b5d8657918efde176b"
        }
      ],
      "title": "ALSA: pcm: Disable bottom softirqs as part of spin_lock_irq() on PREEMPT_RT",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-40142",
    "datePublished": "2025-11-12T10:23:25.191Z",
    "dateReserved": "2025-04-16T07:20:57.171Z",
    "dateUpdated": "2025-12-01T06:18:50.792Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-40142\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-11-12T11:15:44.017\",\"lastModified\":\"2025-11-12T16:19:12.850\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nALSA: pcm: Disable bottom softirqs as part of spin_lock_irq() on PREEMPT_RT\\n\\nsnd_pcm_group_lock_irq() acquires a spinlock_t and disables interrupts\\nvia spin_lock_irq(). This also implicitly disables the handling of\\nsoftirqs such as TIMER_SOFTIRQ.\\nOn PREEMPT_RT softirqs are preemptible and spin_lock_irq() does not\\ndisable them. That means a timer can be invoked during spin_lock_irq()\\non the same CPU. Due to synchronisations reasons local_bh_disable() has\\na per-CPU lock named softirq_ctrl.lock which synchronizes individual\\nsoftirq against each other.\\nsyz-bot managed to trigger a lockdep report where softirq_ctrl.lock is\\nacquired in hrtimer_cancel() in addition to hrtimer_run_softirq(). This\\nis a possible deadlock.\\n\\nThe softirq_ctrl.lock can not be made part of spin_lock_irq() as this\\nwould lead to too much synchronisation against individual threads on the\\nsystem. To avoid the possible deadlock, softirqs must be manually\\ndisabled before the lock is acquired.\\n\\nDisable softirqs before the lock is acquired on PREEMPT_RT.\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/3969b6193cb7a45aa5fb4ec68f215e9e7f93d39a\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/63ee96c7f47df239ee0a6e8108b6bfd8c98334ae\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/9fc4a3da9a0259a0500848b5d8657918efde176b\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.