Linux Kernel Stack Depot Deadlock Vulnerability in NMI Context

Vulnerability

A vulnerability in the Linux kernel's stack depot management could lead to a deadlock when handling Non-Maskable Interrupts (NMI). The issue arises in the 'stack_depot_save_flags()' function, which was intended to be used in NMI context without the 'STACK_DEPOT_FLAG_CAN_ALLOC' flag. However, the function still attempted to acquire the 'pool_lock' to save a stack trace, potentially causing a deadlock if an NMI occurred while the lock was held. The vulnerability has been addressed by modifying the function to only attempt to acquire the lock in NMI context and to relinquish the effort if unsuccessful. Additionally, the documentation has been updated for clarity.

Impact

The vulnerability could cause a deadlock situation, disrupting normal operations by halting process execution until the deadlock is resolved.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel Stack Depot Deadlock Vulnerability in NMI Context

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating