#VU108319 Improper locking in Linux kernel - CVE-2025-23151


Updated: 2025-05-10

Vulnerability identifier: #VU108319

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-23151

CWE-ID: CWE-667

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the mhi_gen_tre() function in drivers/bus/mhi/host/main.c, which a local user can use to perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel: 6.14, 6.14.1, 6.14.2


External links
https://git.kernel.org/stable/c/0686a818d77a431fc3ba2fab4b46bbb04e8c9380
https://git.kernel.org/stable/c/178e5657c8fd285125cc6743a81b513bce099760
https://git.kernel.org/stable/c/3e7ecf181cbdde9753204ada3883ca1704d8702b
https://git.kernel.org/stable/c/5f084993c90d9d0b4a52a349ede5120f992a7ca1
https://git.kernel.org/stable/c/899d0353ea69681f474b6bc9de32c663b89672da
https://git.kernel.org/stable/c/a77955f7704b2a00385e232cbcc1cb06b5c7a425
https://git.kernel.org/stable/c/ee1fce83ed56450087309b9b74ad9bcb2b010fa6
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.14.3


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

