CVE-2025-37928: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved: dm-bufio: don't schedule in atomic context A BUG was reported as below when CONFIG_DEBUG_ATOMIC_SLEEP and try_verify_in_tasklet are enabled. [ 129.444685][ T934] BUG: sleeping function called from invalid context at drivers/md/dm-bufio.c:2421 [ 129.444723][ T934] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 934, name: kworker/1:4 [ 129.444740][ T934] preempt_count: 201, expected: 0 [ 129.444756][ T934] RCU nest depth: 0, expected: 0 [ 129.444781][ T934] Preemption disabled at: [ 129.444789][ T934] [<ffffffd816231900>] shrink_work+0x21c/0x248 [ 129.445167][ T934] kernel BUG at kernel/sched/walt/walt_debug.c:16! [ 129.445183][ T934] Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP [ 129.445204][ T934] Skip md ftrace buffer dump for: 0x1609e0 [ 129.447348][ T934] CPU: 1 PID: 934 Comm: kworker/1:4 Tainted: G W OE 6.6.56-android15-8-o-g6f82312b30b9-debug #1 1400000003000000474e5500b3187743670464e8 [ 129.447362][ T934] Hardware name: Qualcomm Technologies, Inc. Parrot QRD, Alpha-M (DT) [ 129.447373][ T934] Workqueue: dm_bufio_cache shrink_work [ 129.447394][ T934] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 129.447406][ T934] pc : android_rvh_schedule_bug+0x0/0x8 [sched_walt_debug] [ 129.447435][ T934] lr : __traceiter_android_rvh_schedule_bug+0x44/0x6c [ 129.447451][ T934] sp : ffffffc0843dbc90 [ 129.447459][ T934] x29: ffffffc0843dbc90 x28: ffffffffffffffff x27: 0000000000000c8b [ 129.447479][ T934] x26: 0000000000000040 x25: ffffff804b3d6260 x24: ffffffd816232b68 [ 129.447497][ T934] x23: ffffff805171c5b4 x22: 0000000000000000 x21: ffffffd816231900 [ 129.447517][ T934] x20: ffffff80306ba898 x19: 0000000000000000 x18: ffffffc084159030 [ 129.447535][ T934] x17: 00000000d2b5dd1f x16: 00000000d2b5dd1f x15: ffffffd816720358 [ 129.447554][ T934] x14: 0000000000000004 x13: ffffff89ef978000 x12: 0000000000000003 [ 129.447572][ T934] x11: ffffffd817a823c4 x10: 0000000000000202 x9 : 7e779c5735de9400 [ 129.447591][ T934] x8 : ffffffd81560d004 x7 : 205b5d3938373434 x6 : ffffffd8167397c8 [ 129.447610][ T934] x5 : 0000000000000000 x4 : 0000000000000001 x3 : ffffffc0843db9e0 [ 129.447629][ T934] x2 : 0000000000002f15 x1 : 0000000000000000 x0 : 0000000000000000 [ 129.447647][ T934] Call trace: [ 129.447655][ T934] android_rvh_schedule_bug+0x0/0x8 [sched_walt_debug 1400000003000000474e550080cce8a8a78606b6] [ 129.447681][ T934] __might_resched+0x190/0x1a8 [ 129.447694][ T934] shrink_work+0x180/0x248 [ 129.447706][ T934] process_one_work+0x260/0x624 [ 129.447718][ T934] worker_thread+0x28c/0x454 [ 129.447729][ T934] kthread+0x118/0x158 [ 129.447742][ T934] ret_from_fork+0x10/0x20 [ 129.447761][ T934] Code: ???????? ???????? ???????? d2b5dd1f (d4210000) [ 129.447772][ T934] ---[ end trace 0000000000000000 ]--- dm_bufio_lock will call spin_lock_bh when try_verify_in_tasklet is enabled, and __scan will be called in atomic context.
AI Analysis
Technical Summary
CVE-2025-37928 is a vulnerability identified in the Linux kernel, specifically within the device mapper buffer I/O (dm-bufio) subsystem. The issue arises from improper handling of scheduling in atomic contexts. The vulnerability manifests when the kernel configuration enables CONFIG_DEBUG_ATOMIC_SLEEP and try_verify_in_tasklet, leading to a kernel BUG triggered by a sleeping function being called from an invalid context. The root cause is that dm_bufio_lock invokes spin_lock_bh while try_verify_in_tasklet is enabled, and subsequently, the __scan function is called in an atomic context where sleeping is disallowed. This results in kernel panics or oops errors, as evidenced by the detailed kernel trace logs showing preemption disabled and scheduling attempts in atomic context. The problem is particularly evident in the shrink_work function within the dm_bufio_cache workqueue. The vulnerability affects Linux kernel versions identified by the commit hash 7cd326747f46ffe1c7bff5682e97dfbcb98990ec and potentially others with similar dm-bufio implementations. While no CVSS score has been assigned, the vulnerability can cause system instability or denial of service due to kernel crashes. It does not appear to allow privilege escalation or arbitrary code execution directly but can disrupt system availability. The vulnerability is relevant to systems running Linux kernels with dm-bufio enabled, especially those with debugging features for atomic sleep enabled, which may be more common in development or specialized environments. The issue was reported on a Qualcomm-based Android device, indicating that embedded and mobile Linux systems could also be impacted. No known exploits are reported in the wild as of the publication date.
Potential Impact
For European organizations, the primary impact of CVE-2025-37928 is the potential for denial of service through kernel crashes on affected Linux systems. This can disrupt critical infrastructure, servers, and embedded devices relying on the Linux kernel with dm-bufio enabled. Organizations using Linux-based servers for cloud services, telecommunications, or industrial control systems may experience outages or degraded performance. The vulnerability could affect data centers, telecom providers, and enterprises running Linux kernels with debugging features enabled. Although the vulnerability does not directly lead to data breaches or privilege escalation, the resulting instability can cause service interruptions, impacting business continuity and operational reliability. Embedded Linux devices, including IoT and mobile devices used in European industries, may also be vulnerable, potentially affecting supply chains and operational technology environments. The lack of known exploits reduces immediate risk, but the vulnerability's presence in kernel code means that attackers could develop denial-of-service attacks targeting affected systems. Given the widespread use of Linux in Europe across various sectors, the impact could be significant if unpatched systems are exploited or encounter this bug during normal operation.
Mitigation Recommendations
To mitigate CVE-2025-37928, European organizations should: 1) Apply the latest Linux kernel patches that address the dm-bufio scheduling issue as soon as they become available from trusted sources or distributions. 2) Disable CONFIG_DEBUG_ATOMIC_SLEEP and try_verify_in_tasklet kernel options in production environments unless explicitly required for debugging, as these options contribute to triggering the vulnerability. 3) Audit and monitor systems for kernel oops or BUG messages related to dm-bufio or scheduling anomalies to detect potential exploitation or system instability early. 4) For embedded and mobile Linux devices, coordinate with vendors to ensure firmware updates include the fix. 5) Implement robust kernel crash recovery mechanisms and maintain regular backups to minimize downtime in case of crashes. 6) Limit exposure of critical Linux systems by restricting access and employing network segmentation to reduce the attack surface. 7) Conduct thorough testing of kernel updates in staging environments to ensure stability before deployment in production. These steps go beyond generic advice by focusing on kernel configuration management, proactive monitoring, and vendor coordination specific to this vulnerability.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Italy, Spain, Poland, Belgium
CVE-2025-37928: Vulnerability in Linux Linux
Description
In the Linux kernel, the following vulnerability has been resolved: dm-bufio: don't schedule in atomic context A BUG was reported as below when CONFIG_DEBUG_ATOMIC_SLEEP and try_verify_in_tasklet are enabled. [ 129.444685][ T934] BUG: sleeping function called from invalid context at drivers/md/dm-bufio.c:2421 [ 129.444723][ T934] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 934, name: kworker/1:4 [ 129.444740][ T934] preempt_count: 201, expected: 0 [ 129.444756][ T934] RCU nest depth: 0, expected: 0 [ 129.444781][ T934] Preemption disabled at: [ 129.444789][ T934] [<ffffffd816231900>] shrink_work+0x21c/0x248 [ 129.445167][ T934] kernel BUG at kernel/sched/walt/walt_debug.c:16! [ 129.445183][ T934] Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP [ 129.445204][ T934] Skip md ftrace buffer dump for: 0x1609e0 [ 129.447348][ T934] CPU: 1 PID: 934 Comm: kworker/1:4 Tainted: G W OE 6.6.56-android15-8-o-g6f82312b30b9-debug #1 1400000003000000474e5500b3187743670464e8 [ 129.447362][ T934] Hardware name: Qualcomm Technologies, Inc. Parrot QRD, Alpha-M (DT) [ 129.447373][ T934] Workqueue: dm_bufio_cache shrink_work [ 129.447394][ T934] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 129.447406][ T934] pc : android_rvh_schedule_bug+0x0/0x8 [sched_walt_debug] [ 129.447435][ T934] lr : __traceiter_android_rvh_schedule_bug+0x44/0x6c [ 129.447451][ T934] sp : ffffffc0843dbc90 [ 129.447459][ T934] x29: ffffffc0843dbc90 x28: ffffffffffffffff x27: 0000000000000c8b [ 129.447479][ T934] x26: 0000000000000040 x25: ffffff804b3d6260 x24: ffffffd816232b68 [ 129.447497][ T934] x23: ffffff805171c5b4 x22: 0000000000000000 x21: ffffffd816231900 [ 129.447517][ T934] x20: ffffff80306ba898 x19: 0000000000000000 x18: ffffffc084159030 [ 129.447535][ T934] x17: 00000000d2b5dd1f x16: 00000000d2b5dd1f x15: ffffffd816720358 [ 129.447554][ T934] x14: 0000000000000004 x13: ffffff89ef978000 x12: 0000000000000003 [ 129.447572][ T934] x11: ffffffd817a823c4 x10: 0000000000000202 x9 : 7e779c5735de9400 [ 129.447591][ T934] x8 : ffffffd81560d004 x7 : 205b5d3938373434 x6 : ffffffd8167397c8 [ 129.447610][ T934] x5 : 0000000000000000 x4 : 0000000000000001 x3 : ffffffc0843db9e0 [ 129.447629][ T934] x2 : 0000000000002f15 x1 : 0000000000000000 x0 : 0000000000000000 [ 129.447647][ T934] Call trace: [ 129.447655][ T934] android_rvh_schedule_bug+0x0/0x8 [sched_walt_debug 1400000003000000474e550080cce8a8a78606b6] [ 129.447681][ T934] __might_resched+0x190/0x1a8 [ 129.447694][ T934] shrink_work+0x180/0x248 [ 129.447706][ T934] process_one_work+0x260/0x624 [ 129.447718][ T934] worker_thread+0x28c/0x454 [ 129.447729][ T934] kthread+0x118/0x158 [ 129.447742][ T934] ret_from_fork+0x10/0x20 [ 129.447761][ T934] Code: ???????? ???????? ???????? d2b5dd1f (d4210000) [ 129.447772][ T934] ---[ end trace 0000000000000000 ]--- dm_bufio_lock will call spin_lock_bh when try_verify_in_tasklet is enabled, and __scan will be called in atomic context.
AI-Powered Analysis
Technical Analysis
CVE-2025-37928 is a vulnerability identified in the Linux kernel, specifically within the device mapper buffer I/O (dm-bufio) subsystem. The issue arises from improper handling of scheduling in atomic contexts. The vulnerability manifests when the kernel configuration enables CONFIG_DEBUG_ATOMIC_SLEEP and try_verify_in_tasklet, leading to a kernel BUG triggered by a sleeping function being called from an invalid context. The root cause is that dm_bufio_lock invokes spin_lock_bh while try_verify_in_tasklet is enabled, and subsequently, the __scan function is called in an atomic context where sleeping is disallowed. This results in kernel panics or oops errors, as evidenced by the detailed kernel trace logs showing preemption disabled and scheduling attempts in atomic context. The problem is particularly evident in the shrink_work function within the dm_bufio_cache workqueue. The vulnerability affects Linux kernel versions identified by the commit hash 7cd326747f46ffe1c7bff5682e97dfbcb98990ec and potentially others with similar dm-bufio implementations. While no CVSS score has been assigned, the vulnerability can cause system instability or denial of service due to kernel crashes. It does not appear to allow privilege escalation or arbitrary code execution directly but can disrupt system availability. The vulnerability is relevant to systems running Linux kernels with dm-bufio enabled, especially those with debugging features for atomic sleep enabled, which may be more common in development or specialized environments. The issue was reported on a Qualcomm-based Android device, indicating that embedded and mobile Linux systems could also be impacted. No known exploits are reported in the wild as of the publication date.
Potential Impact
For European organizations, the primary impact of CVE-2025-37928 is the potential for denial of service through kernel crashes on affected Linux systems. This can disrupt critical infrastructure, servers, and embedded devices relying on the Linux kernel with dm-bufio enabled. Organizations using Linux-based servers for cloud services, telecommunications, or industrial control systems may experience outages or degraded performance. The vulnerability could affect data centers, telecom providers, and enterprises running Linux kernels with debugging features enabled. Although the vulnerability does not directly lead to data breaches or privilege escalation, the resulting instability can cause service interruptions, impacting business continuity and operational reliability. Embedded Linux devices, including IoT and mobile devices used in European industries, may also be vulnerable, potentially affecting supply chains and operational technology environments. The lack of known exploits reduces immediate risk, but the vulnerability's presence in kernel code means that attackers could develop denial-of-service attacks targeting affected systems. Given the widespread use of Linux in Europe across various sectors, the impact could be significant if unpatched systems are exploited or encounter this bug during normal operation.
Mitigation Recommendations
To mitigate CVE-2025-37928, European organizations should: 1) Apply the latest Linux kernel patches that address the dm-bufio scheduling issue as soon as they become available from trusted sources or distributions. 2) Disable CONFIG_DEBUG_ATOMIC_SLEEP and try_verify_in_tasklet kernel options in production environments unless explicitly required for debugging, as these options contribute to triggering the vulnerability. 3) Audit and monitor systems for kernel oops or BUG messages related to dm-bufio or scheduling anomalies to detect potential exploitation or system instability early. 4) For embedded and mobile Linux devices, coordinate with vendors to ensure firmware updates include the fix. 5) Implement robust kernel crash recovery mechanisms and maintain regular backups to minimize downtime in case of crashes. 6) Limit exposure of critical Linux systems by restricting access and employing network segmentation to reduce the attack surface. 7) Conduct thorough testing of kernel updates in staging environments to ensure stability before deployment in production. These steps go beyond generic advice by focusing on kernel configuration management, proactive monitoring, and vendor coordination specific to this vulnerability.
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- Linux
- Date Reserved
- 2025-04-16T04:51:23.969Z
- Cisa Enriched
- false
- Cvss Version
- null
- State
- PUBLISHED
Threat ID: 682cd0f71484d88663aeaf98
Added to database: 5/20/2025, 6:59:03 PM
Last enriched: 7/4/2025, 1:43:11 AM
Last updated: 8/19/2025, 7:51:26 AM
Views: 22
Related Threats
CVE-2025-9132: Out of bounds write in Google Chrome
HighCVE-2025-9193: Open Redirect in TOTVS Portal Meu RH
MediumCVE-2025-9176: OS Command Injection in neurobin shc
MediumCVE-2025-9175: Stack-based Buffer Overflow in neurobin shc
MediumCVE-2025-9174: OS Command Injection in neurobin shc
MediumActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.