Race Condition in Linux Kernel Affects Bootlog Initialization in QAIC
CVE-2025-40177
What is CVE-2025-40177?
A vulnerability has been identified in the Linux kernel related to the bootlog initialization sequence for the QAIC component. The issue arises when MHI buffers are queued for data reception before all necessary resources for processing that data are adequately initialized. This leads to a race condition between the 'probe()' process and incoming data from the device, resulting in the potential for page faults if the uninitialized resources are accessed. The resolution involves adjusting the initialization order to ensure resources are fully prepared before data queuing, thereby eliminating the risk of race conditions.
Affected Version(s)
Linux 5f8df5c6def641c164ed1b673d47a41fdd0013f8 < 646868e6962b14e25ae7462fdd1fb061b40c1f16
Linux 5f8df5c6def641c164ed1b673d47a41fdd0013f8 < 48814afc7372f96a9584125c8508dffc88d1d378
Linux 5f8df5c6def641c164ed1b673d47a41fdd0013f8