Linux Kernel Deadlock Vulnerability in megaraid_sas SCSI Driver

Vulnerability

A potential deadlock vulnerability has been identified in the Linux kernel's SCSI megaraid_sas driver. It arises from a circular locking dependency, in which two CPUs can become stuck waiting for each other to release locks. The fix modifies the locking so that one of the mutexes is temporarily released, which prevents the circular dependency.
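The circular dependency and the fix described above can be modelled with a small lock-order tracker in the style of the kernel's lockdep validator. This is an added example, not the driver's code or the upstream patch; LOCK_A, LOCK_B and the two CPU paths are hypothetical, since the page does not name the mutexes involved.

```c
#include <stdbool.h>

/* Hypothetical lock ids: the advisory does not name the two mutexes.
 * edge[x][y] records "y was acquired while x was held". */
enum { LOCK_A, LOCK_B, NLOCKS };
struct order_graph { bool edge[NLOCKS][NLOCKS]; };
struct task { bool held[NLOCKS]; };

/* Depth-first search: is 'to' reachable from 'from' along recorded edges? */
static bool reaches(const struct order_graph *g, int from, int to, bool *seen)
{
    if (from == to) return true;
    seen[from] = true;
    for (int n = 0; n < NLOCKS; n++)
        if (g->edge[from][n] && !seen[n] && reaches(g, n, to, seen))
            return true;
    return false;
}

/* Take lock l; return true if that closes a cycle in the lock order. */
static bool acquire(struct order_graph *g, struct task *t, int l)
{
    bool circular = false;
    for (int h = 0; h < NLOCKS; h++) {
        if (!t->held[h] || h == l) continue;
        bool seen[NLOCKS] = { false };
        circular |= reaches(g, l, h, seen);  /* l is already ordered before h */
        g->edge[h][l] = true;
    }
    t->held[l] = true;
    return circular;
}
static void release(struct task *t, int l) { t->held[l] = false; }

/* CPU 0 takes A then B, CPU 1 takes B then A (constructed scenario).
 * drop_a_first models the fix: A is released before B is taken. */
bool scenario_reports_cycle(bool drop_a_first)
{
    struct order_graph g = {{{0}}};
    struct task cpu0 = {{0}}, cpu1 = {{0}};
    bool bad = false;
    bad |= acquire(&g, &cpu0, LOCK_A);
    if (drop_a_first) release(&cpu0, LOCK_A);
    bad |= acquire(&g, &cpu0, LOCK_B);
    release(&cpu0, LOCK_B);
    if (drop_a_first) bad |= acquire(&g, &cpu0, LOCK_A);  /* retake A alone */
    release(&cpu0, LOCK_A);
    bad |= acquire(&g, &cpu1, LOCK_B);
    bad |= acquire(&g, &cpu1, LOCK_A);
    return bad;
}
```

Dropping a mutex this way means the state it protected can change before the mutex is retaken, so code that uses this pattern has to revalidate that state afterwards.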

Impact

Exploitation of this vulnerability could lead to a deadlock, causing the system to hang while it waits for resources to be released.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 5.3
remediation: 0.0
relevance: 0.0
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.