CVE-2025-71180

Summary

In the Linux kernel, the following vulnerability has been resolved:

counter: interrupt-cnt: Drop IRQF_NO_THREAD flag

An IRQ handler can either be IRQF_NO_THREAD or acquire spinlock_t, as CONFIG_PROVE_RAW_LOCK_NESTING warns:

[ BUG: Invalid wait context ] 6.18.0-rc1+git… #1

some-user-space-process/1251 is trying to lock: (&counter->events_list_lock){….}-{3:3}, at: counter_push_event [counter] other info that might help us debug this: context-{2:2} no locks held by some-user-space-process/…. stack backtrace: CPU: 0 UID: 0 PID: 1251 Comm: some-user-space-process 6.18.0-rc1+git… #1 PREEMPT Call trace: show_stack (C) dump_stack_lvl dump_stack __lock_acquire lock_acquire _raw_spin_lock_irqsave counter_push_event [counter] interrupt_cnt_isr [interrupt_cnt] __handle_irq_event_percpu handle_irq_event handle_simple_irq handle_irq_desc generic_handle_domain_irq gpio_irq_handler handle_irq_desc generic_handle_domain_irq gic_handle_irq call_on_irq_stack do_interrupt_handler el0_interrupt __el0_irq_handler_common el0t_64_irq_handler el0t_64_irq

… and Sebastian correctly points out. Remove IRQF_NO_THREAD as an alternative to switching to raw_spinlock_t, because the latter would limit all potential nested locks to raw_spinlock_t only.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxa55ebd47f21f6f0472766fb52c973849e31d1466 < ef668c9a2261ec9287faba6e6ef05a98b391aa2baffected
LinuxLinuxa55ebd47f21f6f0472766fb52c973849e31d1466 < 51d2e5d6491447258cb39ff1deb93df15d3c23cbaffected
LinuxLinuxa55ebd47f21f6f0472766fb52c973849e31d1466 < 1c5a3175aecf82cd86dfcbef2a23e8b26d8d8e7caffected
LinuxLinuxa55ebd47f21f6f0472766fb52c973849e31d1466 < 49a66829dd3653695e60d7cae13521d131362fcdaffected
LinuxLinuxa55ebd47f21f6f0472766fb52c973849e31d1466 < 425886b1f8304621b3f16632b274357067d5f13faffected
LinuxLinuxa55ebd47f21f6f0472766fb52c973849e31d1466 < 23f9485510c338476b9735d516c1d4aacb810d46affected
LinuxLinux5.13affected
LinuxLinux0 < 5.13unaffected
LinuxLinux5.15.198 <= 5.15.*unaffected
LinuxLinux6.1.161 <= 6.1.*unaffected
LinuxLinux6.6.121 <= 6.6.*unaffected
LinuxLinux6.12.66 <= 6.12.*unaffected
LinuxLinux6.18.6 <= 6.18.*unaffected
LinuxLinux6.19 <= *unaffected

Weaknesses

References