GHSA-6MJV-X284-3FG6
Vulnerability from github – Published: 2025-12-08 03:31 – Updated: 2025-12-08 03:31In the Linux kernel, the following vulnerability has been resolved:
scsi: ufs: core: mcq: Fix &hwq->cq_lock deadlock issue
When ufshcd_err_handler() is executed, CQ event interrupt can enter waiting for the same lock. This can happen in ufshcd_handle_mcq_cq_events() and also in ufs_mtk_mcq_intr(). The following warning message will be generated when &hwq->cq_lock is used in IRQ context with IRQ enabled. Use ufshcd_mcq_poll_cqe_lock() with spin_lock_irqsave instead of spin_lock to resolve the deadlock issue.
[name:lockdep&]WARNING: inconsistent lock state [name:lockdep&]-------------------------------- [name:lockdep&]inconsistent {IN-HARDIRQ-W} -> {HARDIRQ-ON-W} usage. [name:lockdep&]kworker/u16:4/260 [HC0[0]:SC0[0]:HE1:SE1] takes: ffffff8028444600 (&hwq->cq_lock){?.-.}-{2:2}, at: ufshcd_mcq_poll_cqe_lock+0x30/0xe0 [name:lockdep&]{IN-HARDIRQ-W} state was registered at: lock_acquire+0x17c/0x33c _raw_spin_lock+0x5c/0x7c ufshcd_mcq_poll_cqe_lock+0x30/0xe0 ufs_mtk_mcq_intr+0x60/0x1bc [ufs_mediatek_mod] __handle_irq_event_percpu+0x140/0x3ec handle_irq_event+0x50/0xd8 handle_fasteoi_irq+0x148/0x2b0 generic_handle_domain_irq+0x4c/0x6c gic_handle_irq+0x58/0x134 call_on_irq_stack+0x40/0x74 do_interrupt_handler+0x84/0xe4 el1_interrupt+0x3c/0x78
Possible unsafe locking scenario: CPU0 ---- lock(&hwq->cq_lock); lock(&hwq->cq_lock); *** DEADLOCK *** 2 locks held by kworker/u16:4/260:
[name:lockdep&] stack backtrace: CPU: 7 PID: 260 Comm: kworker/u16:4 Tainted: G S W OE 6.1.17-mainline-android14-2-g277223301adb #1 Workqueue: ufs_eh_wq_0 ufshcd_err_handler
Call trace: dump_backtrace+0x10c/0x160 show_stack+0x20/0x30 dump_stack_lvl+0x98/0xd8 dump_stack+0x20/0x60 print_usage_bug+0x584/0x76c mark_lock_irq+0x488/0x510 mark_lock+0x1ec/0x25c __lock_acquire+0x4d8/0xffc lock_acquire+0x17c/0x33c _raw_spin_lock+0x5c/0x7c ufshcd_mcq_poll_cqe_lock+0x30/0xe0 ufshcd_poll+0x68/0x1b0 ufshcd_transfer_req_compl+0x9c/0xc8 ufshcd_err_handler+0x3bc/0xea0 process_one_work+0x2f4/0x7e8 worker_thread+0x234/0x450 kthread+0x110/0x134 ret_from_fork+0x10/0x20
{
"affected": [],
"aliases": [
"CVE-2023-53760"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-12-08T02:15:51Z",
"severity": null
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: ufs: core: mcq: Fix \u0026hwq-\u003ecq_lock deadlock issue\n\nWhen ufshcd_err_handler() is executed, CQ event interrupt can enter waiting\nfor the same lock. This can happen in ufshcd_handle_mcq_cq_events() and\nalso in ufs_mtk_mcq_intr(). The following warning message will be generated\nwhen \u0026hwq-\u003ecq_lock is used in IRQ context with IRQ enabled. Use\nufshcd_mcq_poll_cqe_lock() with spin_lock_irqsave instead of spin_lock to\nresolve the deadlock issue.\n\n[name:lockdep\u0026]WARNING: inconsistent lock state\n[name:lockdep\u0026]--------------------------------\n[name:lockdep\u0026]inconsistent {IN-HARDIRQ-W} -\u003e {HARDIRQ-ON-W} usage.\n[name:lockdep\u0026]kworker/u16:4/260 [HC0[0]:SC0[0]:HE1:SE1] takes:\n ffffff8028444600 (\u0026hwq-\u003ecq_lock){?.-.}-{2:2}, at:\nufshcd_mcq_poll_cqe_lock+0x30/0xe0\n[name:lockdep\u0026]{IN-HARDIRQ-W} state was registered at:\n lock_acquire+0x17c/0x33c\n _raw_spin_lock+0x5c/0x7c\n ufshcd_mcq_poll_cqe_lock+0x30/0xe0\n ufs_mtk_mcq_intr+0x60/0x1bc [ufs_mediatek_mod]\n __handle_irq_event_percpu+0x140/0x3ec\n handle_irq_event+0x50/0xd8\n handle_fasteoi_irq+0x148/0x2b0\n generic_handle_domain_irq+0x4c/0x6c\n gic_handle_irq+0x58/0x134\n call_on_irq_stack+0x40/0x74\n do_interrupt_handler+0x84/0xe4\n el1_interrupt+0x3c/0x78\n\u003csnip\u003e\n\nPossible unsafe locking scenario:\n CPU0\n ----\n lock(\u0026hwq-\u003ecq_lock);\n \u003cInterrupt\u003e\n lock(\u0026hwq-\u003ecq_lock);\n *** DEADLOCK ***\n2 locks held by kworker/u16:4/260:\n\n[name:lockdep\u0026]\n stack backtrace:\nCPU: 7 PID: 260 Comm: kworker/u16:4 Tainted: G S W OE\n6.1.17-mainline-android14-2-g277223301adb #1\nWorkqueue: ufs_eh_wq_0 ufshcd_err_handler\n\n Call trace:\n dump_backtrace+0x10c/0x160\n show_stack+0x20/0x30\n dump_stack_lvl+0x98/0xd8\n dump_stack+0x20/0x60\n print_usage_bug+0x584/0x76c\n mark_lock_irq+0x488/0x510\n mark_lock+0x1ec/0x25c\n __lock_acquire+0x4d8/0xffc\n lock_acquire+0x17c/0x33c\n _raw_spin_lock+0x5c/0x7c\n ufshcd_mcq_poll_cqe_lock+0x30/0xe0\n ufshcd_poll+0x68/0x1b0\n ufshcd_transfer_req_compl+0x9c/0xc8\n ufshcd_err_handler+0x3bc/0xea0\n process_one_work+0x2f4/0x7e8\n worker_thread+0x234/0x450\n kthread+0x110/0x134\n ret_from_fork+0x10/0x20",
"id": "GHSA-6mjv-x284-3fg6",
"modified": "2025-12-08T03:31:03Z",
"published": "2025-12-08T03:31:03Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53760"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2ce8c49c7b53e0a2258b833eeab16a6d78f732d1"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/948afc69615167a3c82430f99bfd046332b89912"
}
],
"schema_version": "1.4.0",
"severity": []
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.