Deadlock Issue in Linux Kernel's USB MIDI Functionality
CVE-2025-21859

5.5 MEDIUM

Key Information:

Vendor

Linux

Status
Vendor
CVE Published: 12 March 2025

What is CVE-2025-21859?

The Linux kernel has a vulnerability in the USB MIDI subsystem, specifically in the f_midi functionality. A deadlock can occur when a re-entrant call into f_midi_transmit attempts to acquire a lock that is already held. When USB MIDI is in use, this can cause the system to hang. The issue has been fixed by using queue_work to schedule the f_midi_transmit calls, which prevents the deadlock.

Affected Version(s)

Linux d5daf49b58661ec4af7a55b277176efbf945ca05 < 727dee0857946b85232526de4f5a957fe163e89a

Linux d5daf49b58661ec4af7a55b277176efbf945ca05 < 1f10923404705a94891e612dff3b75e828a78368

Linux d5daf49b58661ec4af7a55b277176efbf945ca05

CVSS V3.1

Score: 5.5
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved