CVE-2025-23151

bus: mhi: host: Fix race between unprepare and queue_buf

Description

In the Linux kernel, the following vulnerability has been resolved: bus: mhi: host: Fix race between unprepare and queue_buf A client driver may use mhi_unprepare_from_transfer() to quiesce incoming data during the client driver's tear down. The client driver might also be processing data at the same time, resulting in a call to mhi_queue_buf() which will invoke mhi_gen_tre(). If mhi_gen_tre() runs after mhi_unprepare_from_transfer() has torn down the channel, a panic will occur due to an invalid dereference leading to a page fault. This occurs because mhi_gen_tre() does not verify the channel state after locking it. Fix this by having mhi_gen_tre() confirm the channel state is valid, or return error to avoid accessing deinitialized data. [mani: added stable tag]

N/A
CVSS
Severity:
EPSS 0.03%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/899d0353ea69681f474b6bc9de32c663b89672da
https://git.kernel.org/stable/c/3e7ecf181cbdde9753204ada3883ca1704d8702b
https://git.kernel.org/stable/c/5f084993c90d9d0b4a52a349ede5120f992a7ca1
https://git.kernel.org/stable/c/a77955f7704b2a00385e232cbcc1cb06b5c7a425
https://git.kernel.org/stable/c/178e5657c8fd285125cc6743a81b513bce099760
https://git.kernel.org/stable/c/ee1fce83ed56450087309b9b74ad9bcb2b010fa6
https://git.kernel.org/stable/c/0686a818d77a431fc3ba2fab4b46bbb04e8c9380

Frequently Asked Questions

What is the severity of CVE-2025-23151?
CVE-2025-23151 has not yet been assigned a CVSS score.
How to fix CVE-2025-23151?
To fix CVE-2025-23151, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2025-23151 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2025-23151 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2025-23151?
CVE-2025-23151 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.