CVE-2025-37884

bpf: Fix deadlock between rcu_tasks_trace and event_mutex.

Description

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix deadlock between rcu_tasks_trace and event_mutex. Fix the following deadlock: CPU A _free_event() perf_kprobe_destroy() mutex_lock(&event_mutex) perf_trace_event_unreg() synchronize_rcu_tasks_trace() There are several paths where _free_event() grabs event_mutex and calls sync_rcu_tasks_trace. Above is one such case. CPU B bpf_prog_test_run_syscall() rcu_read_lock_trace() bpf_prog_run_pin_on_cpu() bpf_prog_load() bpf_tracing_func_proto() trace_set_clr_event() mutex_lock(&event_mutex) Delegate trace_set_clr_event() to workqueue to avoid such lock dependency.

N/A
CVSS
Severity:
EPSS 0.02%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/255cbc9db7067a83713fd2f4b31034ddd266549a
https://git.kernel.org/stable/c/b5a528a34e1f613565115a7a6016862ccbfcb9ac
https://git.kernel.org/stable/c/c5c833f6375f8ecf9254dd27946c927c7d645421
https://git.kernel.org/stable/c/45286680b385f2592db3003554872388dee66d68
https://git.kernel.org/stable/c/4580f4e0ebdf8dc8d506ae926b88510395a0c1d1

Frequently Asked Questions

What is the severity of CVE-2025-37884?
CVE-2025-37884 has not yet been assigned a CVSS score.
How to fix CVE-2025-37884?
To fix CVE-2025-37884, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2025-37884 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2025-37884 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2025-37884?
CVE-2025-37884 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.