AZL-64647

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-64647.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-64647

Upstream

CVE-2025-38174

Published

2025-07-04T11:15:51Z

Modified

2026-04-01T05:20:49.714334Z

Summary

CVE-2025-38174 affecting package kernel for versions less than 6.6.96.1-1

Details

In the Linux kernel, the following vulnerability has been resolved:

thunderbolt: Do not double dequeue a configuration request

Some of our devices crash in tbcfgrequest_dequeue():

general protection fault, probably for non-canonical address 0xdead000000000122

CPU: 6 PID: 91007 Comm: kworker/6:2 Tainted: G U W 6.6.65 RIP: 0010:tbcfgrequestdequeue+0x2d/0xa0 Call Trace: <TASK> ? tbcfgrequestdequeue+0x2d/0xa0 tbcfgrequestwork+0x33/0x80 workerthread+0x386/0x8f0 kthread+0xed/0x110 retfromfork+0x38/0x50 retfromfork_asm+0x1b/0x30

The circumstances are unclear, however, the theory is that tbcfgrequestwork() can be scheduled twice for a request: first time via frame.callback from ringwork() and second time from tbcfgrequest(). Both times kworkers will execute tbcfgrequestdequeue(), which results in double listdel() from the ctl->request_queue (the list poison deference hints at it: 0xdead000000000122).

Do not dequeue requests that don't have TBCFGREQUEST_ACTIVE bit set.

References

https://nvd.nist.gov/vuln/detail/CVE-2025-38174

Affected packages

Azure Linux:3 / kernel

Package

Name: kernel
Purl: pkg:rpm/azure-linux/kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.6.96.1-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-64647.json"