Vulnerability in Linux Kernel Affecting Thunderbolt Configuration Requests
CVE-2025-38174
What is CVE-2025-38174?
A fault in the Linux kernel's handling of Thunderbolt configuration requests has been identified, specifically in the tb_cfg_request_dequeue function. This vulnerability arises when requests are inadvertently dequeued multiple times, leading to system instability and potential crashes due to non-canonical addresses. The issue occurs when tb_cfg_request_work is scheduled more than once for the same request, compromising the integrity of the request queue and ultimately resulting in general protection faults. Mitigation efforts involve ensuring that requests lacking the TB_CFG_REQUEST_ACTIVE bit are not dequeued, thereby preventing double processing and enhancing overall system reliability.
Affected Version(s)
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 0a3011d47dbc92a33621861c423cb64833d7fe57
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 2f62eda4d974c26bc595425eafd429067541f2c9