CVE-2025-38404

MEDIUM EPSS 2.9%
Published Jul 25, 202511mo ago · Modified Jun 17, 20262w ago
5.5 CVSS 3.1
Medium
Find Similar
Published Jul 25, 2025 11mo ago
Last Modified Jun 17, 2026 2w ago

Description

In the Linux kernel, the following vulnerability has been resolved: usb: typec: displayport: Fix potential deadlock The deadlock can occur due to a recursive lock acquisition of `cros_typec_altmode_data::mutex`. The call chain is as follows: 1. cros_typec_altmode_work() acquires the mutex 2. typec_altmode_vdm() -> dp_altmode_vdm() -> 3. typec_altmode_exit() -> cros_typec_altmode_exit() 4. cros_typec_altmode_exit() attempts to acquire the mutex again To prevent this, defer the `typec_altmode_exit()` call by scheduling it rather than calling it directly from within the mutex-protected context.

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
2.9% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-667

Affected Products 9

VendorProductVersionRange
linuxlinux_kernel6.1.143any
linuxlinux_kernel6.6.96any
linuxlinux_kernel6.12.36any
linuxlinux_kernel6.15.5any
linuxlinux_kernel6.16any
linuxlinux_kernel6.16any
linuxlinux_kernel6.16any
linuxlinux_kernel6.16any
debiandebian_linux11.0any

References 10

  • git.kernel.org https://git.kernel.org/stable/c/099cf1fbb8afc3771f408109f62bdec66f85160e
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/63cff9f57e86b2dc25d7487ca0118df89a665296
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/749d9076735fb497aae60fbea9fff563f9ea3254
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/76cf1f33e7319fe74c94ac92f9814094ee8cc84b
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/7be0d1ea71f52595499da39cea484a895e8ed042
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/80c25d7916a44715338d4f8924c8e52af50d0b9f
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c782f98eef14197affa8a7b91e6981420f109ea9
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/eb08fca56f1f39e4038cb9bac9864464b13b00aa
    Patch
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
    Third Party Advisory
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
    Third Party Advisory

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/099cf1fbb8afc3771f408109f62bdec66f85160e
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/63cff9f57e86b2dc25d7487ca0118df89a665296
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/749d9076735fb497aae60fbea9fff563f9ea3254
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/76cf1f33e7319fe74c94ac92f9814094ee8cc84b
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/7be0d1ea71f52595499da39cea484a895e8ed042
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/80c25d7916a44715338d4f8924c8e52af50d0b9f
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c782f98eef14197affa8a7b91e6981420f109ea9
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/eb08fca56f1f39e4038cb9bac9864464b13b00aa
    Patch