CVE-2025-37884 – Linux Kernel BPF Event Mutex Deadlock

May 9, 2025

CVE ID : CVE-2025-37884

Published : May 9, 2025, 7:16 a.m. | 4 hours, 51 minutes ago

Description : In the Linux kernel, the following vulnerability has been resolved:

bpf: Fix deadlock between rcu_tasks_trace and event_mutex.

Fix the following deadlock:
CPU A
_free_event()
perf_kprobe_destroy()
mutex_lock(&event_mutex)
perf_trace_event_unreg()
synchronize_rcu_tasks_trace()

There are several paths where _free_event() grabs event_mutex
and calls sync_rcu_tasks_trace. Above is one such case.

CPU B
bpf_prog_test_run_syscall()
rcu_read_lock_trace()
bpf_prog_run_pin_on_cpu()
bpf_prog_load()
bpf_tracing_func_proto()
trace_set_clr_event()
mutex_lock(&event_mutex)

Delegate trace_set_clr_event() to workqueue to avoid
such lock dependency.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-37885 – KVM Linux Kernel MSI Route Handling Use-After-Free Vulnerability

Next Article CVE-2025-37883 – IBM s390 Linux Kernel Null Pointer Dereference Vulnerability

Highlights

CVE-2025-5620 – D-Link DIR-816 OS Command Injection Vulnerability

June 4, 2025

CVE ID : CVE-2025-5620

Published : June 5, 2025, 12:15 a.m. | 3 hours, 23 minutes ago

Description : A vulnerability, which was classified as critical, was found in D-Link DIR-816 1.10CNB05. Affected is the function setipsec_config of the file /goform/setipsec_config. The manipulation of the argument localIP/remoteIP leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

Severity: 7.3 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

The Power Of The Intl API: A Definitive Guide To Browser-Native Internationalization

This week in AI dev tools: GPT-5, Claude Opus 4.1, and more (August 8, 2025)

Elastic simplifies log analytics for SREs and developers with launch of Log Essentials

OpenAI launches GPT-5

I compared the best headphones from Apple, Sony, Bose, and Sonos: Here’s how the AirPods Max wins

I changed these 6 settings on my iPad to significantly improve its battery life

DistroWatch Weekly, Issue 1134

3 portable power stations I travel everywhere with (and how they differ)

Next.js PWA offline capability with Service Worker, no extra package

Next.js PWA offline capability with Service Worker, no extra package

spatie/laravel-flare

Establishing Consistent Data Foundations with Laravel’s Database Population System

Windows 11 Copilot gets free access to GPT-5 Thinking, reduced rate limits than ChatGPT Free

Windows 11 Copilot gets free access to GPT-5 Thinking, reduced rate limits than ChatGPT Free

Best Architecture AI Rendering Platform: 6 Tools Tested

Microsoft won’t kill off Chromium Edge and PWAs on Windows 10 until October 2028

CVE-2025-37884 – Linux Kernel BPF Event Mutex Deadlock

Researchers Reveal ReVault Attack Targeting Dell ControlVault3 Firmware in 100+ Laptop Models

Researchers Detail Windows EPM Poisoning Exploit Chain Leading to Domain Privilege Escalation

Cybercriminals Target AI Users with Malware-Loaded Installers Posing as Popular Tools

CVE-2025-47640 – Printcart Web to Print Product Designer for WooCommerce SQL Injection

pottery studio in ras al khaimah

diceware is a passphrase generator

CVE-2025-5620 – D-Link DIR-816 OS Command Injection Vulnerability

People’s Republic of China cyber threat activity: Cyber Threat Bulletin

CVE-2025-53485 – Mediawiki SecurePoll Election Admin Authentication Bypass

CVE-2025-47749 – SFT VS6 Edit Data Pointer Corruption Buffer Overflow

CVE-2025-37884 – Linux Kernel BPF Event Mutex Deadlock

Related Posts