CVE-2025-22014: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved:

soc: qcom: pdr: Fix the potential deadlock

When some client process A calls pdr_add_lookup() to add the look up for the service and does schedule locator work, later a process B got a new server packet indicating locator is up and calls pdr_locator_new_server() which eventually sets pdr->locator_init_complete to true which process A sees and takes list lock and queries domain list but it will time out due to deadlock as the response will be queued to the same qmi->wq and it is an ordered workqueue and process B is not able to complete new server request work due to deadlock on list lock.

Fix it by removing the unnecessary list iteration as the list iteration is already being done inside locator work, so avoid it here and just call schedule_work() here.

       Process A                        Process B

                                     process_scheduled_works()
pdr_add_lookup()                      qmi_data_ready_work()
 process_scheduled_works()             pdr_locator_new_server()
                                         pdr->locator_init_complete=true;
   pdr_locator_work()
    mutex_lock(&pdr->list_lock);

     pdr_locate_service()                  mutex_lock(&pdr->list_lock);

      pdr_get_domain_list()
       pr_err("PDR: %s get domain list txn wait failed: %d\n",
              req->service_name, ret);

Timeout error log due to deadlock:

"
 PDR: tms/servreg get domain list txn wait failed: -110
 PDR: service lookup for msm/adsp/sensor_pd:tms/servreg failed: -110
"

Thanks to Bjorn and Johan for letting me know that this commit also fixes an audio regression when using the in-kernel pd-mapper as that makes it easier to hit this race. [1]
AI Analysis
Technical Summary
CVE-2025-22014 is a vulnerability identified in the Linux kernel related to the Qualcomm (qcom) PDR (Protocol Data Router) subsystem. The issue arises from a potential deadlock condition triggered when multiple processes interact with the PDR service lookup and locator mechanisms. Specifically, when process A calls pdr_add_lookup() to add a lookup for a service and schedules locator work, process B may concurrently receive a new server packet indicating the locator is up and calls pdr_locator_new_server(). This function sets the flag pdr->locator_init_complete to true, which process A observes and then attempts to acquire a list lock to query the domain list. However, this leads to a deadlock because the response is queued to the same ordered workqueue (qmi->wq), and process B cannot complete the new server request work due to the list lock being held by process A. The deadlock manifests as a timeout error in the kernel logs, with messages such as "PDR: tms/servreg get domain list txn wait failed: -110" and "PDR: service lookup for msm/adsp/sensor_pd:tms/servreg failed: -110". The root cause is unnecessary list iteration in the code path, which was fixed by removing redundant list iterations and ensuring that schedule_work() is called appropriately to avoid the deadlock. This fix also resolves an audio regression issue related to the in-kernel pd-mapper, which made the race condition easier to trigger. The vulnerability affects specific Linux kernel versions identified by the commit hash fbe639b44a82755d639df1c5d147c93f02ac5a0f. No CVSS score has been assigned yet, and there are no known exploits in the wild at the time of publication.
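The interleaving described above can be reproduced in a small user-space model. This is an added example, not kernel code and not part of the original advisory: a single-worker thread pool stands in for the ordered qmi->wq, a threading.Lock for pdr->list_lock, and the function name, the timeout value and the a_holds_lock event that forces the ordering are assumptions made for the illustration.

```python
import errno
import threading
from concurrent.futures import ThreadPoolExecutor


def run_lookup(new_server_takes_list_lock, txn_timeout=0.3):
    """Model one service lookup; return 0 or -ETIMEDOUT like the txn wait."""
    list_lock = threading.Lock()       # stands in for pdr->list_lock
    a_holds_lock = threading.Event()   # modelling aid: forces the racy ordering
    response = threading.Event()       # completion of the domain-list request

    # One worker means items run strictly in submission order, which is the
    # property of the ordered workqueue the advisory describes.
    with ThreadPoolExecutor(max_workers=1) as qmi_wq:

        def new_server_work():
            # Process B: new-server handling, already running on qmi_wq.
            a_holds_lock.wait()
            if new_server_takes_list_lock:
                # Pre-fix behaviour: iterate the lookup list under the lock.
                with list_lock:
                    pass
            # Post-fix behaviour: only schedule the locator work and return.

        qmi_wq.submit(new_server_work)

        # Process A: locator work takes the list lock, then waits for a
        # response that can only be delivered by the same ordered queue.
        with list_lock:
            a_holds_lock.set()
            qmi_wq.submit(response.set)   # queued behind new_server_work
            arrived = response.wait(txn_timeout)

    return 0 if arrived else -errno.ETIMEDOUT


if __name__ == "__main__":
    print("pre-fix :", run_lookup(True))    # times out, like the -110 in the log
    print("post-fix:", run_lookup(False))   # response is delivered
```

In the pre-fix run the wait only ends because it is bounded by a timeout; once process A releases the lock, process B finishes and the late response is delivered to nobody.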
Potential Impact
The deadlock vulnerability in the Linux kernel's Qualcomm PDR subsystem can lead to denial of service (DoS) conditions on affected systems. Specifically, processes relying on the PDR service lookup may experience timeouts and failures in service discovery, which can cascade into broader system instability or degraded functionality. For European organizations, particularly those deploying Linux-based embedded systems, mobile devices, or network infrastructure that utilize Qualcomm chipsets and the affected kernel versions, this could disrupt critical services. The audio regression fix linked to this vulnerability indicates that multimedia or telecommunication applications might also be impacted, potentially affecting user experience or operational communications. While the vulnerability does not appear to allow privilege escalation or remote code execution, the denial of service impact can be significant in environments requiring high availability, such as telecommunications providers, industrial control systems, and cloud infrastructure providers prevalent in Europe.
Mitigation Recommendations
To mitigate this vulnerability, European organizations should prioritize updating their Linux kernel to the patched version that removes the redundant list iteration and properly schedules work to avoid deadlocks. This involves applying the specific commit identified by the hash fbe639b44a82755d639df1c5d147c93f02ac5a0f or later stable kernel releases that include this fix. For embedded and mobile devices using Qualcomm chipsets, vendors should be engaged to provide updated firmware or kernel patches. Additionally, organizations should audit their systems to identify deployments running affected kernel versions and assess the usage of the PDR subsystem, especially in audio and telecommunication stacks. Monitoring kernel logs for the specific timeout error messages can help detect attempts to exploit or trigger the deadlock. As a proactive measure, testing updates in staging environments is recommended to ensure no regressions occur post-patching. Finally, maintaining robust incident response plans for potential denial of service events will help minimize operational impact.
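One way to implement the log monitoring mentioned above, as an added example that is not part of the original advisory: it scans kernel log lines for the two messages quoted in the description and reports lookup targets whose failure directly follows a domain-list transaction timeout. The function name, the timestamps and the sample lines are constructed for the illustration; only the two message texts and the -110 value come from the advisory.

```python
import re
from collections import Counter

# Message shapes taken from the log excerpt quoted in the advisory.
TXN_RE = re.compile(r"PDR: (\S+) get domain list txn wait failed: (-?\d+)")
LOOKUP_RE = re.compile(r"PDR: service lookup for (\S+) failed: (-?\d+)")
ETIMEDOUT = -110  # error value shown in the advisory's excerpt


def find_pdr_timeouts(lines):
    """Return {lookup target: count} for txn-timeout/lookup-failure pairs."""
    hits = Counter()
    pending = None  # service name from the last unmatched txn timeout
    for line in lines:
        m = TXN_RE.search(line)
        if m:
            pending = m.group(1) if int(m.group(2)) == ETIMEDOUT else None
            continue
        m = LOOKUP_RE.search(line)
        if m:
            target, ret = m.group(1), int(m.group(2))
            # Flag only the pair from the advisory: same service, both -110.
            if pending and ret == ETIMEDOUT and target.endswith(pending):
                hits[target] += 1
            pending = None
    return dict(hits)


# Constructed sample input (timestamps and the -6 line are made up).
SAMPLE = [
    "[   14.102331] PDR: tms/servreg get domain list txn wait failed: -110",
    "[   14.102359] PDR: service lookup for msm/adsp/sensor_pd:tms/servreg failed: -110",
    "[   31.550120] PDR: service lookup for msm/adsp/sensor_pd:tms/servreg failed: -6",
]

if __name__ == "__main__":
    for target, count in find_pdr_timeouts(SAMPLE).items():
        print(f"{target}: {count} timeout(s) matching the CVE-2025-22014 symptom")
```

A match shows the timeout symptom from the description; confirming the cause still requires checking whether the running kernel contains the fix.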
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Italy, Spain
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2024-12-29T08:45:45.806Z
- Cisa Enriched: false
- Cvss Version: null
- State: PUBLISHED
Threat ID: 682d9831c4522896dcbe7e5d
Added to database: 5/21/2025, 9:09:05 AM
Last enriched: 6/30/2025, 8:13:00 AM
Last updated: 7/27/2025, 4:14:50 PM