CVE-2025-23151

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2025-23151
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-23151.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-23151
Downstream
Related
Published
2025-05-01T12:55:38.833Z
Modified
2025-11-27T02:32:36.942496Z
Summary
bus: mhi: host: Fix race between unprepare and queue_buf
Details

In the Linux kernel, the following vulnerability has been resolved:

bus: mhi: host: Fix race between unprepare and queue_buf

A client driver may use mhiunpreparefromtransfer() to quiesce incoming data during the client driver's tear down. The client driver might also be processing data at the same time, resulting in a call to mhiqueuebuf() which will invoke mhigentre(). If mhigentre() runs after mhiunpreparefromtransfer() has torn down the channel, a panic will occur due to an invalid dereference leading to a page fault.

This occurs because mhigentre() does not verify the channel state after locking it. Fix this by having mhigentre() confirm the channel state is valid, or return error to avoid accessing deinitialized data.

[mani: added stable tag]

Database specific 
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/blob/cc431b3424123d84bcd7afd4de150b33f117a8ef/cves/2025/23xxx/CVE-2025-23151.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
176ed1727badd2fad2158e2b214dcbc24f4be7a1
Fixed
899d0353ea69681f474b6bc9de32c663b89672da
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
0b093176fd0967a5f56e2c86b0d48247f6c0fa0f
Fixed
3e7ecf181cbdde9753204ada3883ca1704d8702b
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
ce16274a6b8d1483d0d8383272deb2bfd1b577ca
Fixed
5f084993c90d9d0b4a52a349ede5120f992a7ca1
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
b89b6a863dd53bc70d8e52d50f9cfaef8ef5e9c9
Fixed
a77955f7704b2a00385e232cbcc1cb06b5c7a425
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
b89b6a863dd53bc70d8e52d50f9cfaef8ef5e9c9
Fixed
178e5657c8fd285125cc6743a81b513bce099760
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
b89b6a863dd53bc70d8e52d50f9cfaef8ef5e9c9
Fixed
ee1fce83ed56450087309b9b74ad9bcb2b010fa6
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
b89b6a863dd53bc70d8e52d50f9cfaef8ef5e9c9
Fixed
0686a818d77a431fc3ba2fab4b46bbb04e8c9380
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
642adb03541673f3897f64bbb62856ffd73807f5

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.15.181
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
6.1.135
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.88
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.24
Type
ECOSYSTEM
Events
Introduced
6.8.0
Fixed
6.13.12
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.14.3