CVE-2025-37968
iio: light: opt3001: fix deadlock due to concurrent flag access
Description

In the Linux kernel, the following vulnerability has been resolved:

iio: light: opt3001: fix deadlock due to concurrent flag access

The threaded IRQ function in this driver is reading the flag twice: once to lock a mutex and once to unlock it. Even though the code setting the flag is designed to prevent it, there are subtle cases where the flag could be true at the mutex_lock stage and false at the mutex_unlock stage. This results in the mutex not being unlocked, resulting in a deadlock.

Fix it by making the opt3001_irq() code generally more robust, reading the flag into a variable and using the variable value at both stages.

INFO

Published Date: May 20, 2025, 5:15 p.m.

Last Modified: Nov. 3, 2025, 6:15 p.m.

Remotely Exploitable: No

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Affected Products

The following products are affected by the CVE-2025-37968 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, that information is not represented in the table below.

ID Vendor Product Action
1 Linux linux_kernel
Solution
Resolve deadlock by ensuring consistent flag access within the driver's interrupt function.
  • Read the flag into a local variable.
  • Use the variable consistently for mutex operations.
  • Ensure proper mutex locking and unlocking.
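
The double-read hazard from the Description and the steps listed above, as an added user-space C model (not the opt3001 driver source and not code from this page). `model_dev`, `must_lock` and the counter standing in for the mutex are hypothetical names, and the flag's polarity is an assumption chosen to match the description's wording:

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed user-space model; all names are hypothetical, not the driver's. */
struct model_dev {
    bool must_lock;   /* shared flag, also written by another context */
    int  lock_depth;  /* stand-in for the mutex: 0 = free, 1 = held */
};

/* Work between the two stages; `racing` simulates another context rewriting the flag. */
static void handler_body(struct model_dev *d, bool racing) { d->must_lock = racing; }

/* Before the fix: the shared flag is read at both stages. */
static int irq_double_read(struct model_dev *d, bool racing)
{
    if (d->must_lock)
        d->lock_depth++;      /* models mutex_lock() */
    handler_body(d, racing);
    if (d->must_lock)         /* second read may disagree with the first */
        d->lock_depth--;      /* models mutex_unlock() */
    return d->lock_depth;     /* nonzero means lock/unlock were unbalanced */
}

/* After the fix: one read into a local, used at both stages. */
static int irq_snapshot(struct model_dev *d, bool racing)
{
    bool must_lock = d->must_lock;

    if (must_lock)
        d->lock_depth++;
    handler_body(d, racing);
    if (must_lock)
        d->lock_depth--;
    return d->lock_depth;
}

/* Runs one handler on a fresh device and returns the final lock depth. */
static int run_case(int (*handler)(struct model_dev *, bool), bool initial, bool racing)
{
    struct model_dev d = { .must_lock = initial, .lock_depth = 0 };
    return handler(&d, racing);
}

int main(void)
{
    printf("double read: %d\n", run_case(irq_double_read, true, false));
    printf("snapshot:    %d\n", run_case(irq_snapshot, true, false));
    return 0;
}
```

A final depth of 1 means the lock was taken and never released, so the next locker blocks forever; a depth of -1 is the opposite imbalance, an unlock with no matching lock.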

The following table lists the changes that have been made to the CVE-2025-37968 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • CVE Modified by af854a3a-2127-422b-91ae-364da2661108

    Nov. 03, 2025

    Action Type Old Value New Value
    Added Reference https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
    Added Reference https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
  • CVE Modified by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    Sep. 09, 2025

    Action Type Old Value New Value
    Added Reference https://git.kernel.org/stable/c/1d7def97e7eb65865ccc01bbdf4eb9e6bbe8a5b5
    Added Reference https://git.kernel.org/stable/c/748ebd8e61d0bc182c331b8df3887af7285c8a8f
    Added Reference https://git.kernel.org/stable/c/957e8be112636d9bc692917286e81e54bd87decc
    Added Reference https://git.kernel.org/stable/c/a9c56ccb7cddfca754291fb24b108a5350a5fbe9
    Added Reference https://git.kernel.org/stable/c/e791bf216c9e236b34dabf514ec0ede140cca719
  • CVE Modified by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    May. 22, 2025

    Action Type Old Value New Value
    Added Reference https://git.kernel.org/stable/c/7ca84f6a22d50bf8b31efe9eb05f9859947266d7
  • New CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    May. 20, 2025

    Action Type Old Value New Value
    Added Description (same text as the Description section above)
    Added Reference https://git.kernel.org/stable/c/2c95c8f0959d0a72575eabf2ff888f47ed6d8b77
    Added Reference https://git.kernel.org/stable/c/f063a28002e3350088b4577c5640882bf4ea17ea
Vulnerability Scoring Details
No CVSS metrics available for this vulnerability.