Volerion logoVolerion
Volerion logoVolerion

Linux Kernel VMCI Threaded IRQ Vulnerability Leading to Potential Deadlock

Vulnerability

A vulnerability in the Linux kernel's VMCI (Virtual Machine Communication Interface) component has been addressed. The issue arose because the 'vmci_dispatch_dgs' tasklet function called 'vmci_read_data', which used 'wait_event'. This created an invalid sleep in an atomic context, potentially leading to a deadlock. The vulnerability has been resolved by replacing tasklets with threaded interrupts, eliminating the problematic sleep in atomic context.

Impact

The vulnerability could cause a deadlock by allowing a sleeping function to be called from an invalid context, disrupting normal execution flow.

Reproduction

The vulnerability can be reproduced by triggering the 'vmci_dispatch_dgs' tasklet function, which will then call 'vmci_read_data'. This sequence creates an invalid sleep in an atomic context, as indicated by the kernel's debugging output, which reports a sleeping function called from an invalid context, with preemption disabled and a lock held.

Remediation

Users should update to the latest version of the Linux kernel where this vulnerability has been fixed.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread
9.0
impact
2.5
exploitability
5.7
remediation
0.0
relevance
0.0
threat
4.8
urgency
2.9
incentive
1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.