Primary

Context

Linux Kernel Sleep-in-Atomic Vulnerability in Power Management Domains

Vulnerability

Patched

A sleep-in-atomic vulnerability has been identified in the Linux kernel's power management domain handling. When a domain with the GENPD_FLAG_IRQ_SAFE flag is removed, the genpd_debug_remove() function is called while holding a spinlock, leading to a context error. This issue was observed in the 5.17.0-rc4+ version of the kernel, specifically on the Thundercomm TurboX CM2290 hardware.

Impact

The vulnerability can cause a sleep-in-atomic bug, where a sleeping function is called from an invalid context, potentially leading to deadlocks or other synchronization issues.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.0

remediation

7.7

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.0

remediation

7.7

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel Sleep-in-Atomic Vulnerability in Power Management Domains

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating