#VU108811 Improper locking in Linux kernel - CVE-2025-37815
Published: May 8, 2025 / Updated: May 10, 2025
Vulnerability identifier: #VU108811
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2025-37815
CWE-ID: CWE-667
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Linux kernel
Linux kernel
Software vendor:
Linux Foundation
Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the pci1xxxx_gpio_irq_handler() function in drivers/misc/mchp_pci1xxxx/mchp_pci1xxxx_gpio.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
External links
- https://git.kernel.org/stable/c/1263d5f581908602c618c6665e683c4436383a09
- https://git.kernel.org/stable/c/12cc2193f2b9548e8ea5fbce8201b44158222edf
- https://git.kernel.org/stable/c/18eb77c75ed01439f96ae5c0f33461eb5134b907
- https://git.kernel.org/stable/c/4e02059dc91068bc5017b8546f9ec3b930f6d6a6
- https://git.kernel.org/stable/c/62957f58ab3aa7fa792dc6ff3575624062539a4d
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.89