CVE-2025-37967

MEDIUM

Linux Kernel - Deadlock in UCSI DisplayPort

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: displayport: Fix deadlock This patch introduces the ucsi_con_mutex_lock / ucsi_con_mutex_unlock functions to the UCSI driver. ucsi_con_mutex_lock ensures the connector mutex is only locked if a connection is established and the partner pointer is valid. This resolves a deadlock scenario where ucsi_displayport_remove_partner holds con->mutex waiting for dp_altmode_work to complete while dp_altmode_work attempts to acquire it.

References (7)

Core 7

Core References

Third Party Advisory

https://lists.debian.org/debian-lts-announce/2025/08/msg00010.html

Patch

https://git.kernel.org/stable/c/f4bd982563c2fd41ec9ca6c517c392d759db801c

Patch

https://git.kernel.org/stable/c/f32451ca4cb7dc53f2a0e2e66b84d34162747eb7

Patch

https://git.kernel.org/stable/c/962ce9028ca6eb450d5c205238a3ee27de9d214d

Patch

https://git.kernel.org/stable/c/5924b324468845fc795bd76f588f51d7ab4f202d

Patch

https://git.kernel.org/stable/c/61fc1a8e1e10cc784cab5829930838aaf1d37af5

Patch

https://git.kernel.org/stable/c/364618c89d4c57c85e5fc51a2446cd939bf57802

Scores

CVSS v3 5.5

EPSS 0.0012

EPSS Percentile 2.0%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-667

Status published

Products (22)

debian/debian_linux 11.0

linux/Kernel 5.16.0 - 6.1.140linux

linux/Kernel 5.2.0 - 5.15.184linux

linux/Kernel 6.13.0 - 6.14.7linux

linux/Kernel 6.2.0 - 6.6.92linux

linux/Kernel 6.7.0 - 6.12.30linux

Linux/Linux < 5.2

Linux/Linux 5.15.184 - 5.15.*

Linux/Linux 5.2

Linux/Linux 6.1.140 - 6.1.*

... and 12 more

Published May 20, 2025

Tracked Since Feb 18, 2026