#VU107745 Improper locking in Linux kernel - CVE-2025-22098

Cybersecurity Help s.r.o.

Published: 2025-04-22 | Updated: 2025-05-10

Vulnerability identifier: #VU107745

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-22098

CWE-ID: CWE-667

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the zynqmp_dp_ignore_hpd_set() function in drivers/gpu/drm/xlnx/zynqmp_dp.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: 6.13, 6.13.1, 6.13.2, 6.13.3, 6.13.4, 6.13.5, 6.13.6, 6.13.7, 6.13.8, 6.13.9, 6.13.10, 6.14, 6.14.1

External links
https://git.kernel.org/stable/c/3f988cd2f65175e79349961a43a9deb115174784
https://git.kernel.org/stable/c/7a8d53aa5b7d2a89cda598239d08423bd66920f1
https://git.kernel.org/stable/c/f887685ee0eb4ef716391355568181230338f6eb
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.13.11
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.14.2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Ubuntu update for linux-azure

Ubuntu update for linux

Improper locking in Linux kernel drm xlnx driver