DEBIAN-CVE-2025-37907

In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Fix locking order in ivpujobsubmit Fix deadlock in job submission and abort handling. When a thread aborts currently executing jobs due to a fault, it first locks the global lock protecting submittedjobs (#1). After the last job is destroyed, it proceeds to release the related context and locks filepriv (#2). Meanwhile, in the job submission thread, the filepriv lock (#2) is taken first, and then the submittedjobs lock (#1) is obtained when a job is added to the submitted jobs list. CPU0 CPU1 ---- ---- (for example due to a fault) (jobs submissions keep coming) lock(&vdev->submittedjobslock) #1 ivpujobsabortall() jobdestroy() lock(&filepriv->lock) #2 lock(&vdev->submittedjobslock) #1 fileprivrelease() lock(&vdev->contextlistlock) lock(&filepriv->lock) #2 This order of locking causes a deadlock. To resolve this issue, change the order of locking in ivpujobsubmit().