CVE-2025-23161 in Linuxinfo

Summary

by MITRE • 05/01/2025

In the Linux kernel, the following vulnerability has been resolved:

PCI: vmd: Make vmd_dev::cfg_lock a raw_spinlock_t type

The access to the PCI config space via pci_ops::read and pci_ops::write is a low-level hardware access. The functions can be accessed with disabled interrupts even on PREEMPT_RT. The pci_lock is a raw_spinlock_t for this purpose.

A spinlock_t becomes a sleeping lock on PREEMPT_RT, so it cannot be acquired with disabled interrupts. The vmd_dev::cfg_lock is accessed in the same context as the pci_lock.

Make vmd_dev::cfg_lock a raw_spinlock_t type so it can be used with interrupts disabled.

This was reported as:

BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48 Call Trace: rt_spin_lock+0x4e/0x130 vmd_pci_read+0x8d/0x100 [vmd]
pci_user_read_config_byte+0x6f/0xe0 pci_read_config+0xfe/0x290 sysfs_kf_bin_read+0x68/0x90

[bigeasy: reword commit message]
Tested-off-by: Luis Claudio R. Goncalves <[email protected]> [kwilczynski: commit log]
[bhelgaas: add back report info from
https://lore.kernel.org/lkml/[email protected]/]

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Analysis

by VulDB Data Team • 03/15/2026

The vulnerability CVE-2025-23161 addresses a critical synchronization issue within the Linux kernel's PCI Virtual Memory Device (VMD) subsystem that can lead to system instability and potential denial of service conditions. This flaw specifically affects the handling of PCI configuration space access operations through the vmd driver, which is responsible for managing Intel Virtual Memory Devices that provide memory-like access to PCIe devices. The root cause lies in the improper use of locking primitives within the kernel's low-level hardware access paths, creating a scenario where sleeping locks are attempted to be acquired in contexts where interrupts are disabled, which is a fundamental requirement for real-time systems.

The technical flaw stems from the incorrect use of spinlock_t instead of raw_spinlock_t for the vmd_dev::cfg_lock variable. In standard kernel configurations, spinlock_t functions adequately, but under PREEMPT_RT configurations, spinlock_t transforms into a sleeping lock that cannot be acquired when interrupts are disabled. This creates a direct contradiction with the PCI configuration space access requirements, which must occur in interrupt-disabled contexts to maintain system stability and prevent race conditions. The vmd driver's pci_ops::read and pci_ops::write functions operate in precisely these contexts, making the use of a sleeping lock fatal to system operation. The kernel's locking subsystem detects this violation and generates a BUG message indicating that a sleeping function was called from an invalid context, specifically at kernel/locking/spinlock_rt.c:48, which is a clear indicator of the underlying synchronization problem.

The operational impact of this vulnerability extends beyond simple system crashes to potentially compromise the entire system's real-time capabilities and stability. When the vmd driver attempts to access PCI configuration space, the system encounters a deadlock scenario where the sleeping lock mechanism cannot proceed due to disabled interrupts, leading to system hangs or complete system lockups. This is particularly concerning for server and embedded systems that rely on PREEMPT_RT for deterministic behavior and real-time performance requirements. The vulnerability affects systems using Intel VMD controllers and any kernel version that includes the affected vmd driver code, making it a widespread concern across various hardware platforms that utilize virtual memory devices for enhanced memory access patterns.

Mitigation strategies for this vulnerability require immediate kernel updates that implement the fix by changing vmd_dev::cfg_lock from spinlock_t to raw_spinlock_t type, ensuring compatibility with interrupt-disabled contexts. System administrators should prioritize applying the patched kernel version as soon as possible, particularly in production environments where system stability is paramount. Additionally, monitoring systems should be configured to detect and alert on kernel BUG messages related to sleeping locks being called from invalid contexts, as these can serve as early warning indicators of similar synchronization issues. The fix aligns with industry best practices for real-time kernel development and follows the established patterns for low-level hardware access synchronization in the Linux kernel, where raw_spinlock_t is the appropriate choice for contexts requiring interrupt disablement and immediate lock acquisition. This vulnerability demonstrates the importance of careful lock selection in kernel code, especially when dealing with hardware access paths that have strict timing and interrupt handling requirements, and it serves as a reminder of the complexities involved in maintaining system stability across different kernel configuration options such as PREEMPT_RT.

Responsible

Linux

Reservation

01/11/2025

Disclosure

05/01/2025

Moderation

accepted

CPE

ready

EPSS

0.00122

KEV

no

Activities

very low

Sources

Might our Artificial Intelligence support you?

Check our Alexa App!