Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A circular locking dependency vulnerability has been identified in the Linux kernel's cgroup freezer mechanism. This issue arises from a change in the core freezer logic, where the handling of certain locking operations was modified. The vulnerability creates a deadlock scenario by improperly ordering locks related to CPU hotplug operations and the freezer mutex, potentially leading to a system hang.
Exploitation of this vulnerability can cause a deadlock, where processes are stuck waiting for each other to release locks, leading to a system hang.
The vulnerability can be reproduced by creating a circular locking scenario between the CPU hotplug lock and the freezer mutex. This can be done by writing to cgroup files that trigger the freezer's locking mechanism while simultaneously holding the CPU hotplug lock, creating a deadlock situation.
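The lock-order inversion described above can be caught by recording which lock is taken while another is held and checking for a cycle, which is the idea behind a "circular locking dependency" report. The following is an added example, not kernel code or code from this advisory; the two acquisition traces are constructed, and only the lock names come from the text.

```c
#include <string.h>

#define MAX_LOCKS 8

/* Constructed traces (not taken from kernel source): two code paths
 * that take the advisory's two locks in opposite orders. */
static const char *const path_a[] = { "cpu_hotplug_lock", "freezer_mutex" };
static const char *const path_b[] = { "freezer_mutex", "cpu_hotplug_lock" };

static const char *lock_names[MAX_LOCKS];
static int n_locks;
static int dep[MAX_LOCKS][MAX_LOCKS]; /* dep[a][b]: b was taken while a was held */

static int lock_id(const char *name)
{
    for (int i = 0; i < n_locks; i++)
        if (strcmp(lock_names[i], name) == 0)
            return i;
    if (n_locks == MAX_LOCKS) return -1; /* table full */
    lock_names[n_locks] = name;
    return n_locks++;
}

/* Depth-first search: is 'to' reachable from 'from' over recorded edges? */
static int reachable(int from, int to, int *seen)
{
    if (from == to) return 1;
    seen[from] = 1;
    for (int next = 0; next < n_locks; next++)
        if (dep[from][next] && !seen[next] && reachable(next, to, seen))
            return 1;
    return 0;
}

/* Record one path's acquisition order (outermost lock first). Returns 1 if
 * an earlier path already established the opposite order, -1 on overflow. */
static int record_path(const char *const *order, int n)
{
    int cycle = 0;
    for (int i = 0; i + 1 < n; i++) {
        int held = lock_id(order[i]), want = lock_id(order[i + 1]);
        int seen[MAX_LOCKS] = {0};
        if (held < 0 || want < 0) return -1;
        if (reachable(want, held, seen)) cycle = 1; /* want -> ... -> held exists */
        dep[held][want] = 1;
    }
    return cycle;
}

static void reset_graph(void) { memset(dep, 0, sizeof(dep)); n_locks = 0; }
```

Recording `path_a` and then `path_b` reports a cycle, while recording the same order twice does not; the usual fix for such a report is to make every path take the two locks in one consistent order.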
Users can apply the latest patches available in the Linux kernel stable tree to address this vulnerability.