{"id":"AZL-62821","summary":"CVE-2025-37907 affecting package kernel 6.6.126.1-1","details":"In the Linux kernel, the following vulnerability has been resolved:\n\naccel/ivpu: Fix locking order in ivpu_job_submit\n\nFix deadlock in job submission and abort handling.\nWhen a thread aborts currently executing jobs due to a fault,\nit first locks the global lock protecting submitted_jobs (#1).\n\nAfter the last job is destroyed, it proceeds to release the related context\nand locks file_priv (#2). Meanwhile, in the job submission thread,\nthe file_priv lock (#2) is taken first, and then the submitted_jobs\nlock (#1) is obtained when a job is added to the submitted jobs list.\n\n       CPU0                            CPU1\n       ----                    \t       ----\n  (for example due to a fault)         (jobs submissions keep coming)\n\n  lock(&vdev-\u003esubmitted_jobs_lock) #1\n  ivpu_jobs_abort_all()\n  job_destroy()\n                                      lock(&file_priv-\u003elock)           #2\n                                      lock(&vdev-\u003esubmitted_jobs_lock) #1\n  file_priv_release()\n  lock(&vdev-\u003econtext_list_lock)\n  lock(&file_priv-\u003elock)           #2\n\nThis order of locking causes a deadlock. To resolve this issue,\nchange the order of locking in ivpu_job_submit().","modified":"2026-04-01T05:20:09.126560Z","published":"2025-05-20T16:15:27Z","upstream":["CVE-2025-37907"],"references":[{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-37907"}],"affected":[{"package":{"name":"kernel","ecosystem":"Azure Linux:3","purl":"pkg:rpm/azure-linux/kernel"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"last_affected":"6.6.126.1-1"}]}],"database_specific":{"source":"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-62821.json"}}],"schema_version":"1.7.5"}