{"id":"AZL-70162","summary":"CVE-2025-37884 affecting package kernel 5.15.200.1-1","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix deadlock between rcu_tasks_trace and event_mutex.\n\nFix the following deadlock:\nCPU A\n_free_event()\n  perf_kprobe_destroy()\n    mutex_lock(&event_mutex)\n      perf_trace_event_unreg()\n        synchronize_rcu_tasks_trace()\n\nThere are several paths where _free_event() grabs event_mutex\nand calls sync_rcu_tasks_trace. Above is one such case.\n\nCPU B\nbpf_prog_test_run_syscall()\n  rcu_read_lock_trace()\n    bpf_prog_run_pin_on_cpu()\n      bpf_prog_load()\n        bpf_tracing_func_proto()\n          trace_set_clr_event()\n            mutex_lock(&event_mutex)\n\nDelegate trace_set_clr_event() to workqueue to avoid\nsuch lock dependency.","modified":"2026-04-01T05:21:42.083273Z","published":"2025-05-09T07:16:09Z","upstream":["CVE-2025-37884"],"references":[{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-37884"}],"affected":[{"package":{"name":"kernel","ecosystem":"Azure Linux:2","purl":"pkg:rpm/azure-linux/kernel"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"last_affected":"5.15.200.1-1"}]}],"database_specific":{"source":"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-70162.json"}}],"schema_version":"1.7.5"}