Improper locking in Linux kernel soc qcom driver



| Updated: 2025-05-10
Risk Low
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2025-22014
CWE-ID CWE-667
Exploitation vector Local
Public exploit N/A
Vulnerable software
 Linux kernel
Operating systems & Components / Operating system

Vendor Linux Foundation

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Improper locking

EUVDB-ID: #VU107751

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-22014

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the pdr_locator_new_server() function in drivers/soc/qcom/pdr_interface.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Linux kernel: 6.12 - 6.12.20

CPE2.3 External links

https://git.kernel.org/stable/c/02612f1e4c34d94d6c8ee75bf7d254ed697e22d4
https://git.kernel.org/stable/c/0a566a79aca9851fae140536e0fc5b0853c90a90
https://git.kernel.org/stable/c/2eeb03ad9f42dfece63051be2400af487ddb96d2
https://git.kernel.org/stable/c/72a222b6af10c2a05a5fad0029246229ed8912c2
https://git.kernel.org/stable/c/daba84612236de3ab39083e62c9e326a654ebd20
https://git.kernel.org/stable/c/f2bbfd50e95bc117360f0f59e629aa03d821ebd6
https://git.kernel.org/stable/c/f4489260f5713c94e1966e5f20445bff262876f4
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.21


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###