Linux Kernel up to 6.13.1 queue_attr_store deadlock

Summaryinfo

A vulnerability classified as critical has been found in Linux Kernel up to 6.13.1. Affected by this vulnerability is the function queue_attr_store. Performing a manipulation results in deadlock. This vulnerability is identified as CVE-2025-21807. There is not any exploit available. It is recommended to upgrade the affected component.

Detailsinfo

A vulnerability classified as critical has been found in Linux Kernel up to 6.13.1. This affects the function queue_attr_store. The manipulation with an unknown input leads to a deadlock vulnerability. CWE is classifying the issue as CWE-833. The product contains multiple threads or executable segments that are waiting for each other to release a necessary lock, resulting in deadlock. This is going to have an impact on availability. The summary by CVE is:

In the Linux kernel, the following vulnerability has been resolved: block: fix queue freeze vs limits lock order in sysfs store methods queue_attr_store() always freezes a device queue before calling the attribute store operation. For attributes that control queue limits, the store operation will also lock the queue limits with a call to queue_limits_start_update(). However, some drivers (e.g. SCSI sd) may need to issue commands to a device to obtain limit values from the hardware with the queue limits locked. This creates a potential ABBA deadlock situation if a user attempts to modify a limit (thus freezing the device queue) while the device driver starts a revalidation of the device queue limits. Avoid such deadlock by not freezing the queue before calling the ->store_limit() method in struct queue_sysfs_entry and instead use the queue_limits_commit_update_frozen helper to freeze the queue after taking the limits lock. This also removes taking the sysfs lock for the store_limit method as it doesn't protect anything here, but creates even more nesting. Hopefully it will go away from the actual sysfs methods entirely soon. (commit log adapted from a similar patch from Damien Le Moal)

It is possible to read the advisory at git.kernel.org. This vulnerability is uniquely identified as CVE-2025-21807 since 12/29/2024. The exploitability is told to be difficult. Technical details of the vulnerability are known, but there is no available exploit.

The vulnerability scanner Nessus provides a plugin with the ID 237679 (Amazon Linux 2023 : bpftool, kernel6.12, kernel6.12-modules-extra (ALAS2023-2025-984)), which helps to determine the existence of the flaw in a target environment.

Upgrading to version 6.13.2 or 6.14-rc1 eliminates this vulnerability. Applying the patch 8985da5481562e96b95e94ed8e5cc9b6565eb82b/c99f66e4084a62a2cc401c4704a84328aeddc9ec is able to eliminate this problem. The bugfix is ready for download at git.kernel.org. The best possible mitigation is suggested to be upgrading to the latest version.

The vulnerability is also documented in the databases at Tenable (237679) and CERT Bund (WID-SEC-2025-0461). Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Affected

• Google Container-Optimized OS
• Debian Linux
• Amazon Linux 2
• Red Hat Enterprise Linux
• Ubuntu Linux
• SUSE Linux
• Oracle Linux
• SUSE openSUSE
• Open Source Linux Kernel
• Dell Secure Connect Gateway

Productinfo

Type

• Operating System

Vendor

• Linux

Name

• Kernel

Version

• 6.13.0
• 6.13.1

License

• open-source

Website

• Vendor: https://www.kernel.org/

CPE 2.3info

• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Discussion