fkie_cve-2025-21912
Vulnerability from fkie_nvd
Published
2025-04-01 16:15
Modified
2025-04-15 17:05
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
In the Linux kernel, the following vulnerability has been resolved: gpio: rcar: Use raw_spinlock to protect register access Use raw_spinlock in order to fix spurious messages about invalid context when spinlock debugging is enabled. The lock is only used to serialize register access. [ 4.239592] ============================= [ 4.239595] [ BUG: Invalid wait context ] [ 4.239599] 6.13.0-rc7-arm64-renesas-05496-gd088502a519f #35 Not tainted [ 4.239603] ----------------------------- [ 4.239606] kworker/u8:5/76 is trying to lock: [ 4.239609] ffff0000091898a0 (&p->lock){....}-{3:3}, at: gpio_rcar_config_interrupt_input_mode+0x34/0x164 [ 4.239641] other info that might help us debug this: [ 4.239643] context-{5:5} [ 4.239646] 5 locks held by kworker/u8:5/76: [ 4.239651] #0: ffff0000080fb148 ((wq_completion)async){+.+.}-{0:0}, at: process_one_work+0x190/0x62c [ 4.250180] OF: /soc/sound@ec500000/ports/port@0/endpoint: Read of boolean property 'frame-master' with a value. [ 4.254094] #1: ffff80008299bd80 ((work_completion)(&entry->work)){+.+.}-{0:0}, at: process_one_work+0x1b8/0x62c [ 4.254109] #2: ffff00000920c8f8 [ 4.258345] OF: /soc/sound@ec500000/ports/port@1/endpoint: Read of boolean property 'bitclock-master' with a value. [ 4.264803] (&dev->mutex){....}-{4:4}, at: __device_attach_async_helper+0x3c/0xdc [ 4.264820] #3: ffff00000a50ca40 (request_class#2){+.+.}-{4:4}, at: __setup_irq+0xa0/0x690 [ 4.264840] #4: [ 4.268872] OF: /soc/sound@ec500000/ports/port@1/endpoint: Read of boolean property 'frame-master' with a value. [ 4.273275] ffff00000a50c8c8 (lock_class){....}-{2:2}, at: __setup_irq+0xc4/0x690 [ 4.296130] renesas_sdhi_internal_dmac ee100000.mmc: mmc1 base at 0x00000000ee100000, max clock rate 200 MHz [ 4.304082] stack backtrace: [ 4.304086] CPU: 1 UID: 0 PID: 76 Comm: kworker/u8:5 Not tainted 6.13.0-rc7-arm64-renesas-05496-gd088502a519f #35 [ 4.304092] Hardware name: Renesas Salvator-X 2nd version board based on r8a77965 (DT) [ 4.304097] Workqueue: async async_run_entry_fn [ 4.304106] Call trace: [ 4.304110] show_stack+0x14/0x20 (C) [ 4.304122] dump_stack_lvl+0x6c/0x90 [ 4.304131] dump_stack+0x14/0x1c [ 4.304138] __lock_acquire+0xdfc/0x1584 [ 4.426274] lock_acquire+0x1c4/0x33c [ 4.429942] _raw_spin_lock_irqsave+0x5c/0x80 [ 4.434307] gpio_rcar_config_interrupt_input_mode+0x34/0x164 [ 4.440061] gpio_rcar_irq_set_type+0xd4/0xd8 [ 4.444422] __irq_set_trigger+0x5c/0x178 [ 4.448435] __setup_irq+0x2e4/0x690 [ 4.452012] request_threaded_irq+0xc4/0x190 [ 4.456285] devm_request_threaded_irq+0x7c/0xf4 [ 4.459398] ata1: link resume succeeded after 1 retries [ 4.460902] mmc_gpiod_request_cd_irq+0x68/0xe0 [ 4.470660] mmc_start_host+0x50/0xac [ 4.474327] mmc_add_host+0x80/0xe4 [ 4.477817] tmio_mmc_host_probe+0x2b0/0x440 [ 4.482094] renesas_sdhi_probe+0x488/0x6f4 [ 4.486281] renesas_sdhi_internal_dmac_probe+0x60/0x78 [ 4.491509] platform_probe+0x64/0xd8 [ 4.495178] really_probe+0xb8/0x2a8 [ 4.498756] __driver_probe_device+0x74/0x118 [ 4.503116] driver_probe_device+0x3c/0x154 [ 4.507303] __device_attach_driver+0xd4/0x160 [ 4.511750] bus_for_each_drv+0x84/0xe0 [ 4.515588] __device_attach_async_helper+0xb0/0xdc [ 4.520470] async_run_entry_fn+0x30/0xd8 [ 4.524481] process_one_work+0x210/0x62c [ 4.528494] worker_thread+0x1ac/0x340 [ 4.532245] kthread+0x10c/0x110 [ 4.535476] ret_from_fork+0x10/0x20
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/3e300913c42041e81c5b17a970c4e078086ff2d1Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/51ef3073493e2a25dced05fdd59dfb059e7e284dPatch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/7c1f36f9c9aca507d317479a3d3388150ae40a87Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/b42c84f9e4ec5bc2885e7fd80c79ec0352f5d2afPatch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/c10365031f16514a29c812cd909085a6e4ea4b61Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/f02c41f87cfe61440c18bf77d1ef0a884b9ee2b5Patch
Impacted products
Vendor Product Version
linux linux_kernel *
linux linux_kernel *
linux linux_kernel *
linux linux_kernel *
linux linux_kernel *
linux linux_kernel 6.14
linux linux_kernel 6.14
linux linux_kernel 6.14
linux linux_kernel 6.14
linux linux_kernel 6.14


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F7E2F90-B766-4C56-80D5-6024A031F730",
              "versionEndExcluding": "5.15.179",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA9C2DE3-D37C-46C6-8DCD-2EE509456E0B",
              "versionEndExcluding": "6.1.131",
              "versionStartIncluding": "5.16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D9F642F-6E05-4926-B0FE-62F95B7266BC",
              "versionEndExcluding": "6.6.83",
              "versionStartIncluding": "6.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "32865E5C-8AE1-4D3D-A64D-299039694A88",
              "versionEndExcluding": "6.12.19",
              "versionStartIncluding": "6.7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "842F5A44-3E71-4546-B4FD-43B0ACE3F32B",
              "versionEndExcluding": "6.13.7",
              "versionStartIncluding": "6.13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:6.14:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "186716B6-2B66-4BD0-852E-D48E71C0C85F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:6.14:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "0D3E781C-403A-498F-9DA9-ECEE50F41E75",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:6.14:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "66619FB8-0AAF-4166-B2CF-67B24143261D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:6.14:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "D3D6550E-6679-4560-902D-AF52DCFE905B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:6.14:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "45B90F6B-BEC7-4D4E-883A-9DBADE021750",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ngpio: rcar: Use raw_spinlock to protect register access\n\nUse raw_spinlock in order to fix spurious messages about invalid context\nwhen spinlock debugging is enabled. The lock is only used to serialize\nregister access.\n\n    [    4.239592] =============================\n    [    4.239595] [ BUG: Invalid wait context ]\n    [    4.239599] 6.13.0-rc7-arm64-renesas-05496-gd088502a519f #35 Not tainted\n    [    4.239603] -----------------------------\n    [    4.239606] kworker/u8:5/76 is trying to lock:\n    [    4.239609] ffff0000091898a0 (\u0026p-\u003elock){....}-{3:3}, at: gpio_rcar_config_interrupt_input_mode+0x34/0x164\n    [    4.239641] other info that might help us debug this:\n    [    4.239643] context-{5:5}\n    [    4.239646] 5 locks held by kworker/u8:5/76:\n    [    4.239651]  #0: ffff0000080fb148 ((wq_completion)async){+.+.}-{0:0}, at: process_one_work+0x190/0x62c\n    [    4.250180] OF: /soc/sound@ec500000/ports/port@0/endpoint: Read of boolean property \u0027frame-master\u0027 with a value.\n    [    4.254094]  #1: ffff80008299bd80 ((work_completion)(\u0026entry-\u003ework)){+.+.}-{0:0}, at: process_one_work+0x1b8/0x62c\n    [    4.254109]  #2: ffff00000920c8f8\n    [    4.258345] OF: /soc/sound@ec500000/ports/port@1/endpoint: Read of boolean property \u0027bitclock-master\u0027 with a value.\n    [    4.264803]  (\u0026dev-\u003emutex){....}-{4:4}, at: __device_attach_async_helper+0x3c/0xdc\n    [    4.264820]  #3: ffff00000a50ca40 (request_class#2){+.+.}-{4:4}, at: __setup_irq+0xa0/0x690\n    [    4.264840]  #4:\n    [    4.268872] OF: /soc/sound@ec500000/ports/port@1/endpoint: Read of boolean property \u0027frame-master\u0027 with a value.\n    [    4.273275] ffff00000a50c8c8 (lock_class){....}-{2:2}, at: __setup_irq+0xc4/0x690\n    [    4.296130] renesas_sdhi_internal_dmac ee100000.mmc: mmc1 base at 0x00000000ee100000, max clock rate 200 MHz\n    [    4.304082] stack backtrace:\n    [    4.304086] CPU: 1 UID: 0 PID: 76 Comm: kworker/u8:5 Not tainted 6.13.0-rc7-arm64-renesas-05496-gd088502a519f #35\n    [    4.304092] Hardware name: Renesas Salvator-X 2nd version board based on r8a77965 (DT)\n    [    4.304097] Workqueue: async async_run_entry_fn\n    [    4.304106] Call trace:\n    [    4.304110]  show_stack+0x14/0x20 (C)\n    [    4.304122]  dump_stack_lvl+0x6c/0x90\n    [    4.304131]  dump_stack+0x14/0x1c\n    [    4.304138]  __lock_acquire+0xdfc/0x1584\n    [    4.426274]  lock_acquire+0x1c4/0x33c\n    [    4.429942]  _raw_spin_lock_irqsave+0x5c/0x80\n    [    4.434307]  gpio_rcar_config_interrupt_input_mode+0x34/0x164\n    [    4.440061]  gpio_rcar_irq_set_type+0xd4/0xd8\n    [    4.444422]  __irq_set_trigger+0x5c/0x178\n    [    4.448435]  __setup_irq+0x2e4/0x690\n    [    4.452012]  request_threaded_irq+0xc4/0x190\n    [    4.456285]  devm_request_threaded_irq+0x7c/0xf4\n    [    4.459398] ata1: link resume succeeded after 1 retries\n    [    4.460902]  mmc_gpiod_request_cd_irq+0x68/0xe0\n    [    4.470660]  mmc_start_host+0x50/0xac\n    [    4.474327]  mmc_add_host+0x80/0xe4\n    [    4.477817]  tmio_mmc_host_probe+0x2b0/0x440\n    [    4.482094]  renesas_sdhi_probe+0x488/0x6f4\n    [    4.486281]  renesas_sdhi_internal_dmac_probe+0x60/0x78\n    [    4.491509]  platform_probe+0x64/0xd8\n    [    4.495178]  really_probe+0xb8/0x2a8\n    [    4.498756]  __driver_probe_device+0x74/0x118\n    [    4.503116]  driver_probe_device+0x3c/0x154\n    [    4.507303]  __device_attach_driver+0xd4/0x160\n    [    4.511750]  bus_for_each_drv+0x84/0xe0\n    [    4.515588]  __device_attach_async_helper+0xb0/0xdc\n    [    4.520470]  async_run_entry_fn+0x30/0xd8\n    [    4.524481]  process_one_work+0x210/0x62c\n    [    4.528494]  worker_thread+0x1ac/0x340\n    [    4.532245]  kthread+0x10c/0x110\n    [    4.535476]  ret_from_fork+0x10/0x20"
    },
    {
      "lang": "es",
      "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: gpio: rcar: Usar raw_spinlock para proteger el acceso a los registros. Usar raw_spinlock para corregir mensajes falsos sobre contexto no v\u00e1lido cuando la depuraci\u00f3n de spinlock est\u00e1 habilitada. El bloqueo solo se usa para serializar el acceso a los registros. [ 4.239592] =============================== [ 4.239595] [ ERROR: Contexto de espera no v\u00e1lido ] [ 4.239599] 6.13.0-rc7-arm64-renesas-05496-gd088502a519f #35 No contaminado [ 4.239603] ----------------------------- [ 4.239606] kworker/u8:5/76 est\u00e1 intentando bloquear: [ 4.239609] ffff0000091898a0 (\u0026amp;p-\u0026gt;lock){....}-{3:3}, en: gpio_rcar_config_interrupt_input_mode+0x34/0x164 [ 4.239641] otra informaci\u00f3n que podr\u00eda ayudarnos a depurar esto: [ 4.239643] context-{5:5} [ 4.239646] 5 bloqueos mantenidos por kworker/u8:5/76: [ 4.239651] #0: ffff0000080fb148 ((wq_completion)async){+.+.}-{0:0}, en: process_one_work+0x190/0x62c [ 4.250180] OF: /soc/sound@ec500000/ports/port@0/endpoint: Lectura de la propiedad booleana \u0027frame-master\u0027 con un valor. [ 4.254094] #1: ffff80008299bd80 ((work_completion)(\u0026amp;entry-\u0026gt;work)){+.+.}-{0:0}, en: process_one_work+0x1b8/0x62c [ 4.254109] #2: ffff00000920c8f8 [ 4.258345] DE: /soc/sound@ec500000/ports/port@1/endpoint: Lectura de la propiedad booleana \u0027bitclock-master\u0027 con un valor. [ 4.264803] (\u0026amp;dev-\u0026gt;mutex){....}-{4:4}, en: __device_attach_async_helper+0x3c/0xdc [ 4.264820] #3: ffff00000a50ca40 (request_class#2){+.+.}-{4:4}, en: __setup_irq+0xa0/0x690 [ 4.264840] #4: [ 4.268872] DE: /soc/sound@ec500000/ports/port@1/endpoint: Lectura de la propiedad booleana \u0027frame-master\u0027 con un valor. [ 4.273275] ffff00000a50c8c8 (lock_class){....}-{2:2}, en: __setup_irq+0xc4/0x690 [ 4.296130] renesas_sdhi_internal_dmac ee100000.mmc: base mmc1 en 0x00000000ee100000, velocidad de reloj m\u00e1xima 200 MHz [ 4.304082] seguimiento de pila: [ 4.304086] CPU: 1 UID: 0 PID: 76 Comm: kworker/u8:5 No contaminado 6.13.0-rc7-arm64-renesas-05496-gd088502a519f #35 [ 4.304092] Nombre del hardware: Renesas Placa Salvator-X (2.\u00aa versi\u00f3n) basada en r8a77965 (DT) [4.304097] Cola de trabajo: async async_run_entry_fn [4.304106] Rastreo de llamadas: [4.304110] show_stack+0x14/0x20 (C) [4.304122] dump_stack_lvl+0x6c/0x90 [4.304131] dump_stack+0x14/0x1c [4.304138] __lock_acquire+0xdfc/0x1584 [4.426274] lock_acquire+0x1c4/0x33c [4.429942] _raw_spin_lock_irqsave+0x5c/0x80 [4.434307] gpio_rcar_config_interrupt_input_mode+0x34/0x164 [ 4.440061] gpio_rcar_irq_set_type+0xd4/0xd8 [ 4.444422] __irq_set_trigger+0x5c/0x178 [ 4.448435] __setup_irq+0x2e4/0x690 [ 4.452012] request_threaded_irq+0xc4/0x190 [ 4.456285] devm_request_threaded_irq+0x7c/0xf4 [ 4.459398] ata1: reanudaci\u00f3n del enlace exitosa despu\u00e9s de 1 reintento [ 4.460902] mmc_gpiod_request_cd_irq+0x68/0xe0 [ 4.470660] mmc_start_host+0x50/0xac [ 4.474327] mmc_add_host+0x80/0xe4 [ 4.477817] tmio_mmc_host_probe+0x2b0/0x440 [ 4.482094] renesas_sdhi_probe+0x488/0x6f4 [ 4.486281] renesas_sdhi_internal_dmac_probe+0x60/0x78 [ 4.491509] platform_probe+0x64/0xd8 [ 4.495178] really_probe+0xb8/0x2a8 [ 4.498756] __driver_probe_device+0x74/0x118 [ 4.503116] driver_probe_device+0x3c/0x154 [ 4.507303] __device_attach_driver+0xd4/0x160 [ 4.511750] bus_para_cada_unidad+0x84/0xe0 [ 4.515588] __device_attach_async_helper+0xb0/0xdc [ 4.520470] async_run_entry_fn+0x30/0xd8 [ 4.524481] process_one_work+0x210/0x62c [ 4.528494] work_thread+0x1ac/0x340 [ 4.532245] kthread+0x10c/0x110 [ 4.535476] ret_de_la_bifurcaci\u00f3n+0x10/0x20"
    }
  ],
  "id": "CVE-2025-21912",
  "lastModified": "2025-04-15T17:05:40.660",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2025-04-01T16:15:21.780",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/3e300913c42041e81c5b17a970c4e078086ff2d1"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/51ef3073493e2a25dced05fdd59dfb059e7e284d"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/7c1f36f9c9aca507d317479a3d3388150ae40a87"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/b42c84f9e4ec5bc2885e7fd80c79ec0352f5d2af"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/c10365031f16514a29c812cd909085a6e4ea4b61"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/f02c41f87cfe61440c18bf77d1ef0a884b9ee2b5"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-667"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.