CVE-2025-38404
Analyzed - Analysis Complete
BaseFortify

Publication date: 2025-07-25

Last updated on: 2025-12-23

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

usb: typec: displayport: Fix potential deadlock

The deadlock can occur due to a recursive lock acquisition of `cros_typec_altmode_data::mutex`. The call chain is as follows:

1. cros_typec_altmode_work() acquires the mutex
2. typec_altmode_vdm() -> dp_altmode_vdm() ->
3. typec_altmode_exit() -> cros_typec_altmode_exit()
4. cros_typec_altmode_exit() attempts to acquire the mutex again

To prevent this, defer the `typec_altmode_exit()` call by scheduling it rather than calling it directly from within the mutex-protected context.
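The call chain in the description, reduced to a userspace C model as an added example (not code from the kernel or from this page). The `model_port` struct and all `model_*` functions are hypothetical stand-ins, and the model returns `-EDEADLK` at the point where a real kernel mutex would block forever.

```c
/* Userspace model of the advisory's call chain; every model_* name is hypothetical. */
#include <errno.h>
#include <stdbool.h>
struct model_port {
    bool mutex_held;    /* stands in for cros_typec_altmode_data::mutex */
    bool exit_pending;  /* a deferred exit has been scheduled */
    bool exited;        /* the alternate mode has been exited */
};

/* A kernel mutex would block forever on re-acquisition; the model reports it. */
static int model_lock(struct model_port *p)
{
    if (p->mutex_held)
        return -EDEADLK;
    p->mutex_held = true;
    return 0;
}

/* Step 4: the exit handler takes the mutex itself. */
static int model_altmode_exit(struct model_port *p)
{
    int ret = model_lock(p);
    if (ret)
        return ret;
    p->exited = true;
    p->mutex_held = false;
    return 0;
}

/* Steps 1-3: the worker holds the mutex while the VDM path exits or defers. */
int model_altmode_work(struct model_port *p, bool defer_exit)
{
    int ret = model_lock(p);
    if (ret)
        return ret;
    if (defer_exit)
        p->exit_pending = true;         /* after the fix: schedule only */
    else
        ret = model_altmode_exit(p);    /* before the fix: re-locks */
    p->mutex_held = false;
    return ret;
}

/* The scheduled exit runs later, once the worker has dropped the mutex. */
int model_run_deferred(struct model_port *p)
{
    bool pending = p->exit_pending;
    p->exit_pending = false;
    return pending ? model_altmode_exit(p) : 0;
}
```

Calling `model_altmode_work()` with `defer_exit` false reproduces the recursive acquisition; with it true, the exit only completes when `model_run_deferred()` runs outside the worker's critical section.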
Meta Information
Published: 2025-07-25
Last Modified: 2025-12-23
Generated: 2026-05-07
AI Q&A: 2025-07-25
EPSS Evaluated: 2026-05-05
NVD
Affected Vendors & Products
Showing 9 associated CPEs
Vendor Product Version / Range
linux linux_kernel 6.1.143
linux linux_kernel 6.6.96
linux linux_kernel 6.12.36
linux linux_kernel 6.15.5
linux linux_kernel 6.16
linux linux_kernel 6.16
linux linux_kernel 6.16
linux linux_kernel 6.16
debian debian_linux 11.0
CWE ID Description
CWE-667 The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is a potential deadlock in the Linux kernel's USB Type-C DisplayPort code. It occurs because a mutex (cros_typec_altmode_data::mutex) is acquired recursively in a call chain, leading to a deadlock situation. Specifically, the function cros_typec_altmode_work() acquires the mutex, and later in the call chain, cros_typec_altmode_exit() tries to acquire the same mutex again, causing the deadlock. The fix involves deferring the call to typec_altmode_exit() by scheduling it instead of calling it directly within the mutex-protected context.


How can this vulnerability impact me?

This vulnerability can cause the Linux kernel to deadlock when handling USB Type-C DisplayPort alternate mode operations. A deadlock can freeze or hang the affected system or device, potentially leading to loss of functionality or requiring a reboot to recover.


What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, update the Linux kernel to a version where the usb: typec: displayport deadlock issue has been fixed. The fix involves deferring the typec_altmode_exit() call by scheduling it rather than calling it directly within the mutex-protected context, preventing recursive lock acquisition and potential deadlock.

