CVE-2025-38404Improper Locking in Linux

CWE-667Improper Locking7 documents7 sources
Severity
5.5MEDIUMNVD
EPSS
0.0%
top 95.82%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
7
LinuxLinux KernelDebian Linux+4 more
Timeline
PublishedJul 25

Description

In the Linux kernel, the following vulnerability has been resolved: usb: typec: displayport: Fix potential deadlock The deadlock can occur due to a recursive lock acquisition of `cros_typec_altmode_data::mutex`. The call chain is as follows: 1. cros_typec_altmode_work() acquires the mutex 2. typec_altmode_vdm() -> dp_altmode_vdm() -> 3. typec_altmode_exit() -> cros_typec_altmode_exit() 4. cros_typec_altmode_exit() attempts to acquire the mutex again To prevent this, defer the `typec_altmode_e

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages7 packages

Debianlinux/linux_kernel< 5.10.244-1+3
NVDlinux/linux_kernel5 versions+4
CVEListV5linux/linuxe0359c66c1beccbe90119a63391678eabda38007749d9076735fb497aae60fbea9fff563f9ea3254+11

Also affects: Debian Linux 11.0

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

3
CVEList
usb: typec: displayport: Fix potential deadlock2025-07-25
OSV
CVE-2025-38404: In the Linux kernel, the following vulnerability has been resolved: usb: typec: displayport: Fix potential deadlock The deadlock can occur due to a re2025-07-25
GHSA
GHSA-whrv-p2hp-qr7f: In the Linux kernel, the following vulnerability has been resolved: usb: typec: displayport: Fix potential deadlock The deadlock can occur due to a2025-07-25

📋Vendor Advisories

3
Red Hat
kernel: usb: typec: displayport: Fix potential deadlock2025-07-25
Microsoft
usb: typec: displayport: Fix potential deadlock2025-07-08
Debian
CVE-2025-38404: linux - In the Linux kernel, the following vulnerability has been resolved: usb: typec:...2025
CVE-2025-38404 — Improper Locking in Linux | cvebase