Bug 2348916 (CVE-2025-21820) - CVE-2025-21820 kernel: tty: xilinx_uartps: split sysrq handling
Summary: CVE-2025-21820 kernel: tty: xilinx_uartps: split sysrq handling
Keywords:
Status: NEW
Alias: CVE-2025-21820
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2025-02-27 21:03 UTC by OSIDB Bzimport
Modified: 2025-02-28 04:28 UTC (History)
4 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)

Description OSIDB Bzimport 2025-02-27 21:03:01 UTC 
In the Linux kernel, the following vulnerability has been resolved:

tty: xilinx_uartps: split sysrq handling

lockdep detects the following circular locking dependency:

CPU 0                      CPU 1
========================== ============================
cdns_uart_isr()            printk()
  uart_port_lock(port)       console_lock()
			     cdns_uart_console_write()
                               if (!port->sysrq)
                                 uart_port_lock(port)
  uart_handle_break()
    port->sysrq = ...
  uart_handle_sysrq_char()
    printk()
      console_lock()

The fixed commit attempts to avoid this situation by only taking the
port lock in cdns_uart_console_write if port->sysrq unset. However, if
(as shown above) cdns_uart_console_write runs before port->sysrq is set,
then it will try to take the port lock anyway. This may result in a
deadlock.

Fix this by splitting sysrq handling into two parts. We use the prepare
helper under the port lock and defer handling until we release the lock.
Comment 1 Avinash Hanwate 2025-02-28 04:23:13 UTC 
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2025022710-CVE-2025-21820-f4ab@gregkh/T
Note You need to log in before you can comment on or make changes to this bug.