CVE-2025-23151

{"id": "CVE-2025-23151", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.0}]}, "published": "2025-05-01T13:15:51.003", "references": [{"url": "https://git.kernel.org/stable/c/0686a818d77a431fc3ba2fab4b46bbb04e8c9380", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/178e5657c8fd285125cc6743a81b513bce099760", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/3e7ecf181cbdde9753204ada3883ca1704d8702b", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/5f084993c90d9d0b4a52a349ede5120f992a7ca1", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/899d0353ea69681f474b6bc9de32c663b89672da", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/a77955f7704b2a00385e232cbcc1cb06b5c7a425", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/ee1fce83ed56450087309b9b74ad9bcb2b010fa6", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html", "tags": ["Mailing List"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-362"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbus: mhi: host: Fix race between unprepare and queue_buf\n\nA client driver may use mhi_unprepare_from_transfer() to quiesce\nincoming data during the client driver's tear down. The client driver\nmight also be processing data at the same time, resulting in a call to\nmhi_queue_buf() which will invoke mhi_gen_tre(). If mhi_gen_tre() runs\nafter mhi_unprepare_from_transfer() has torn down the channel, a panic\nwill occur due to an invalid dereference leading to a page fault.\n\nThis occurs because mhi_gen_tre() does not verify the channel state\nafter locking it. Fix this by having mhi_gen_tre() confirm the channel\nstate is valid, or return error to avoid accessing deinitialized data.\n\n[mani: added stable tag]"}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: bus: mhi: host: Correcci\u00f3n de la competencia entre unprepare y queue_buf. Un controlador de cliente podr\u00eda usar mhi_unprepare_from_transfer() para silenciar los datos entrantes durante su desconexi\u00f3n. El controlador de cliente tambi\u00e9n podr\u00eda estar procesando datos simult\u00e1neamente, lo que resulta en una llamada a mhi_queue_buf(), que invocar\u00e1 mhi_gen_tre(). Si mhi_gen_tre() se ejecuta despu\u00e9s de que mhi_unprepare_from_transfer() haya desconectado el canal, se producir\u00e1 un p\u00e1nico debido a una desreferencia no v\u00e1lida que provoca un fallo de p\u00e1gina. Esto ocurre porque mhi_gen_tre() no verifica el estado del canal despu\u00e9s de bloquearlo. Para solucionar esto, haga que mhi_gen_tre() confirme que el estado del canal es v\u00e1lido o devuelva un error para evitar acceder a los datos desinicializados. [mani: etiqueta estable a\u00f1adida]"}], "lastModified": "2025-11-05T17:58:11.293", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5922D110-A72E-4ABF-BE4E-78F3E666FEBB", "versionEndExcluding": "5.15.181", "versionStartIncluding": "5.15.149"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F59D82A9-7BCB-4170-8D2A-9B73B85EE703", "versionEndExcluding": "6.1.135", "versionStartIncluding": "6.1.76"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "35C656BB-0AA5-47C3-B7F9-C9060D0AA035", "versionEndExcluding": "6.6.88", "versionStartIncluding": "6.6.15"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F2D6D1DC-7D1A-4F28-832F-64DA3B91563B", "versionEndExcluding": "6.12.24", "versionStartIncluding": "6.7.3"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4A475784-BF3B-4514-81EE-49C8522FB24A", "versionEndExcluding": "6.13.12", "versionStartIncluding": "6.13"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "483E2E15-2135-4EC6-AB64-16282C5EF704", "versionEndExcluding": "6.14.3", "versionStartIncluding": "6.14"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}