Linux Kernel Virtio-Block Queue Management Vulnerability During System Suspend

Vulnerability

A vulnerability in the Linux kernel's virtio-block component relates to improper queue management during system suspend. The issue arises because the component replaces the queue quiesce method with a freeze method in its power management callbacks. While the freeze method is intended to pause operations and drain in-flight I/Os before suspension, it can inadvertently cause deadlocks. This occurs because freezing the queue in the current context can block attempts to enter the I/O processing queue, leading to a deadlock situation. The problem was highlighted by a lock dependency warning related to the virtio-block's queue freeze operation.

Impact

The vulnerability can lead to deadlock situations, where the system becomes unresponsive due to conflicting operations waiting on each other.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.0

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.0

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel Virtio-Block Queue Management Vulnerability During System Suspend

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating