CVE-2025-37967

usb: typec: ucsi: displayport: Fix deadlock

Description

In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: displayport: Fix deadlock This patch introduces the ucsi_con_mutex_lock / ucsi_con_mutex_unlock functions to the UCSI driver. ucsi_con_mutex_lock ensures the connector mutex is only locked if a connection is established and the partner pointer is valid. This resolves a deadlock scenario where ucsi_displayport_remove_partner holds con->mutex waiting for dp_altmode_work to complete while dp_altmode_work attempts to acquire it.

N/A
CVSS
Severity:
EPSS 0.02%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/f4bd982563c2fd41ec9ca6c517c392d759db801c
https://git.kernel.org/stable/c/f32451ca4cb7dc53f2a0e2e66b84d34162747eb7
https://git.kernel.org/stable/c/962ce9028ca6eb450d5c205238a3ee27de9d214d
https://git.kernel.org/stable/c/5924b324468845fc795bd76f588f51d7ab4f202d
https://git.kernel.org/stable/c/61fc1a8e1e10cc784cab5829930838aaf1d37af5
https://git.kernel.org/stable/c/364618c89d4c57c85e5fc51a2446cd939bf57802

Frequently Asked Questions

What is the severity of CVE-2025-37967?
CVE-2025-37967 has not yet been assigned a CVSS score.
How to fix CVE-2025-37967?
To fix CVE-2025-37967, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2025-37967 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2025-37967 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2025-37967?
CVE-2025-37967 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.