2383439 – (CVE-2025-38404) CVE-2025-38404 kernel: usb: typec: displayport: Fix potential deadlock

Bug 2383439 (CVE-2025-38404) - CVE-2025-38404 kernel: usb: typec: displayport: Fix potential deadlock

Summary: CVE-2025-38404 kernel: usb: typec: displayport: Fix potential deadlock

Keywords:
Status:	NEW
Alias:	CVE-2025-38404
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2025-07-25 14:04 UTC by OSIDB Bzimport
Modified:	2025-07-25 18:21 UTC (History)
CC List:	0 users
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2025-07-25 14:04:49 UTC

In the Linux kernel, the following vulnerability has been resolved:

usb: typec: displayport: Fix potential deadlock

The deadlock can occur due to a recursive lock acquisition of
`cros_typec_altmode_data::mutex`.
The call chain is as follows:
1. cros_typec_altmode_work() acquires the mutex
2. typec_altmode_vdm() -> dp_altmode_vdm() ->
3. typec_altmode_exit() -> cros_typec_altmode_exit()
4. cros_typec_altmode_exit() attempts to acquire the mutex again

To prevent this, defer the `typec_altmode_exit()` call by scheduling
it rather than calling it directly from within the mutex-protected
context.

Comment 1 Jon Moroney 2025-07-25 18:20:08 UTC

Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2025072521-CVE-2025-38404-f719@gregkh/T

Note You need to log in before you can comment on or make changes to this bug.