logo_clicknbuy.png

CVE-2025-37968 – Linux Kernel IIO Light Opt3001 Deadlock Vulnerability

The following table lists the changes that have been made to the
CVE-2025-37968 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution
of a vulnerability, and for identifying the most recent changes that may
impact the vulnerability’s severity, exploitability, or other characteristics.

  • New CVE Received
    by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    May. 20, 2025

    Action Type Old Value New Value
    Added Description In the Linux kernel, the following vulnerability has been resolved:

    iio: light: opt3001: fix deadlock due to concurrent flag access

    The threaded IRQ function in this driver is reading the flag twice: once to
    lock a mutex and once to unlock it. Even though the code setting the flag
    is designed to prevent it, there are subtle cases where the flag could be
    true at the mutex_lock stage and false at the mutex_unlock stage. This
    results in the mutex not being unlocked, resulting in a deadlock.

    Fix it by making the opt3001_irq() code generally more robust, reading the
    flag into a variable and using the variable value at both stages.
    Added Reference https://git.kernel.org/stable/c/2c95c8f0959d0a72575eabf2ff888f47ed6d8b77
    Added Reference https://git.kernel.org/stable/c/f063a28002e3350088b4577c5640882bf4ea17ea
Share the Post:

Related Posts