Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A deadlock vulnerability has been identified in the Linux kernel's handling of device queue limits. When a user modifies a queue limit, the device queue is frozen, potentially leading to a deadlock if the device driver simultaneously revalidates the queue limits. This issue arises because some drivers, like SCSI sd, must communicate with the hardware to retrieve limit values, creating an ABBA deadlock scenario. The vulnerability has been addressed by changing the order of operations when updating queue limits, ensuring that the queue is only frozen after the limits have been safely updated, thus preventing the deadlock situation.
Exploitation of this vulnerability could lead to a deadlock condition, causing the system to hang or become unresponsive while waiting for resources to be released.
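The ordering problem described above, as an added example that is not part of the original advisory and is not kernel code: a small lock-order graph checker in C that records the order in which each path takes its resources and reports an ABBA inversion. The resource names, and the modelling of the driver's hardware I/O as waiting on the queue freeze state, are assumptions of this example.

```c
#include <stdbool.h>

/* Assumed model: two resources; names are this example's, not kernel identifiers. */
enum res { QUEUE_FREEZE, LIMITS_LOCK, NRES };
/* edge[a][b]: some path waits for b while already holding a. */
struct order_graph { bool edge[NRES][NRES]; };

/* Record one code path, given as resources in acquisition order. */
static void record_path(struct order_graph *g, const enum res *seq, int n)
{
    for (int i = 0; i < n; i++)
        for (int j = i + 1; j < n; j++)
            g->edge[seq[i]][seq[j]] = true;
}

/* Depth-first search: is 'to' reachable from 'from' over recorded edges? */
static bool reaches(const struct order_graph *g, int from, int to, bool *seen)
{
    if (from == to)
        return true;
    seen[from] = true;
    for (int k = 0; k < NRES; k++)
        if (g->edge[from][k] && !seen[k] && reaches(g, k, to, seen))
            return true;
    return false;
}

/* An edge a->b plus a route back from b to a is an ABBA inversion. */
static bool has_inversion(const struct order_graph *g)
{
    for (int a = 0; a < NRES; a++)
        for (int b = 0; b < NRES; b++) {
            bool seen[NRES] = { false };
            if (a != b && g->edge[a][b] && reaches(g, b, a, seen))
                return true;
        }
    return false;
}

/* Returns true if the two paths from the description can deadlock. */
bool ordering_deadlocks(bool fixed)
{
    struct order_graph g = { 0 };
    /* Driver revalidation: holds the limits, then its hardware I/O needs an unfrozen queue. */
    const enum res revalidate[] = { LIMITS_LOCK, QUEUE_FREEZE };
    /* User update: freeze first (before the fix) or limits first (after the fix). */
    const enum res store_old[] = { QUEUE_FREEZE, LIMITS_LOCK };
    const enum res store_new[] = { LIMITS_LOCK, QUEUE_FREEZE };
    record_path(&g, revalidate, 2);
    record_path(&g, fixed ? store_new : store_old, 2);
    return has_inversion(&g);
}
```

With the pre-fix ordering the checker finds a cycle between the two resources; with the limits taken before the freeze, both paths agree on one order and no cycle exists.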