2406742 – (CVE-2025-40071) CVE-2025-40071 kernel: tty: n_gsm: Don't block input queue by waiting MSC

Bug 2406742 (CVE-2025-40071) - CVE-2025-40071 kernel: tty: n_gsm: Don't block input queue by waiting MSC

Summary: CVE-2025-40071 kernel: tty: n_gsm: Don't block input queue by waiting MSC

Keywords:
Status:	NEW
Alias:	CVE-2025-40071
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2025-10-28 12:03 UTC by OSIDB Bzimport
Modified:	2025-10-28 19:02 UTC (History)
CC List:	0 users
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2025-10-28 12:03:02 UTC

In the Linux kernel, the following vulnerability has been resolved:

tty: n_gsm: Don't block input queue by waiting MSC

Currently gsm_queue() processes incoming frames and when opening
a DLC channel it calls gsm_dlci_open() which calls gsm_modem_update().
If basic mode is used it calls gsm_modem_upd_via_msc() and it
cannot block the input queue by waiting the response to come
into the same input queue.

Instead allow sending Modem Status Command without waiting for remote
end to respond. Define a new function gsm_modem_send_initial_msc()
for this purpose. As MSC is only valid for basic encoding, it does
not do anything for advanced or when convergence layer type 2 is used.

Comment 1 Jon Moroney 2025-10-28 19:00:07 UTC

Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2025102818-CVE-2025-40071-6cff@gregkh/T

Note You need to log in before you can comment on or make changes to this bug.