CVE-2025-38404

usb: typec: displayport: Fix potential deadlock

Severity Score

"-"

*CVSS v-

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: usb: typec: displayport: Fix potential deadlock The deadlock can occur due to a recursive lock acquisition of
`cros_typec_altmode_data::mutex`.
The call chain is as follows:
1. cros_typec_altmode_work() acquires the mutex
2. typec_altmode_vdm() -> dp_altmode_vdm() ->
3. typec_altmode_exit() -> cros_typec_altmode_exit()
4. cros_typec_altmode_exit() attempts to acquire the mutex again To prevent this, defer the `typec_altmode_exit()` call by scheduling
it rather than calling it directly from within the mutex-protected
context.

En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: usb: typec: displayport: Soluciona un posible bloqueo El bloqueo puede ocurrir debido a una adquisición de bloqueo recursiva de `cros_typec_altmode_data::mutex`. La cadena de llamadas es la siguiente: 1. cros_typec_altmode_work() adquiere el mutex 2. typec_altmode_vdm() -> dp_altmode_vdm() -> 3. typec_altmode_exit() -> cros_typec_altmode_exit() 4. cros_typec_altmode_exit() intenta adquirir el mutex de nuevo Para evitar esto, aplaza la llamada a `typec_altmode_exit()` programándola en lugar de llamarla directamente desde dentro del contexto protegido por mutex.

*Credits: N/A

CVSS Scores

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2025-04-16 CVE Reserved
2025-07-25 CVE Published
2025-07-28 CVE Updated
2025-07-31 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (12)

URL	Tag	Source
https://git.kernel.org/stable/c/8e8a69b1f8c59f0505f8a1c0fb77191f27b75011	Vuln. Introduced
https://git.kernel.org/stable/c/8851e40587013db00b71d4aeaae30f5fd59b0eec	Vuln. Introduced
https://git.kernel.org/stable/c/10cc2cfd3e5d0e0ec7590c4bee8bcea10e5492c4	Vuln. Introduced
https://git.kernel.org/stable/c/8f6a4fa7b663468bb304cb885b93326e025ae005	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/76cf1f33e7319fe74c94ac92f9814094ee8cc84b	2025-07-10
https://git.kernel.org/stable/c/63cff9f57e86b2dc25d7487ca0118df89a665296	2025-07-10
https://git.kernel.org/stable/c/c782f98eef14197affa8a7b91e6981420f109ea9	2025-07-10
https://git.kernel.org/stable/c/80c25d7916a44715338d4f8924c8e52af50d0b9f	2025-07-10
https://git.kernel.org/stable/c/749d9076735fb497aae60fbea9fff563f9ea3254	2025-07-17
https://git.kernel.org/stable/c/eb08fca56f1f39e4038cb9bac9864464b13b00aa	2025-07-17
https://git.kernel.org/stable/c/7be0d1ea71f52595499da39cea484a895e8ed042	2025-07-10
https://git.kernel.org/stable/c/099cf1fbb8afc3771f408109f62bdec66f85160e	2025-06-24

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.1.143 < 6.1.144 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.1.143 < 6.1.144"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.6.96 < 6.6.97 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.6.96 < 6.6.97"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.12.36 < 6.12.37 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.12.36 < 6.12.37"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.15.5 < 6.15.6 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.15.5 < 6.15.6"		en		Affected