{"id":"CVE-2025-23151","summary":"bus: mhi: host: Fix race between unprepare and queue_buf","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nbus: mhi: host: Fix race between unprepare and queue_buf\n\nA client driver may use mhi_unprepare_from_transfer() to quiesce\nincoming data during the client driver's tear down. The client driver\nmight also be processing data at the same time, resulting in a call to\nmhi_queue_buf() which will invoke mhi_gen_tre(). If mhi_gen_tre() runs\nafter mhi_unprepare_from_transfer() has torn down the channel, a panic\nwill occur due to an invalid dereference leading to a page fault.\n\nThis occurs because mhi_gen_tre() does not verify the channel state\nafter locking it. Fix this by having mhi_gen_tre() confirm the channel\nstate is valid, or return error to avoid accessing deinitialized data.\n\n[mani: added stable tag]","modified":"2026-03-20T12:41:22.135276Z","published":"2025-05-01T12:55:38.833Z","related":["SUSE-SU-2025:01964-1","SUSE-SU-2025:01965-1","SUSE-SU-2025:02000-1","SUSE-SU-2025:02254-1","SUSE-SU-2025:02307-1","SUSE-SU-2025:02333-1","SUSE-SU-2025:02923-1","SUSE-SU-2025:20408-1","SUSE-SU-2025:20413-1","SUSE-SU-2025:20419-1","SUSE-SU-2025:20421-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/23xxx/CVE-2025-23151.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/0686a818d77a431fc3ba2fab4b46bbb04e8c9380"},{"type":"WEB","url":"https://git.kernel.org/stable/c/178e5657c8fd285125cc6743a81b513bce099760"},{"type":"WEB","url":"https://git.kernel.org/stable/c/3e7ecf181cbdde9753204ada3883ca1704d8702b"},{"type":"WEB","url":"https://git.kernel.org/stable/c/5f084993c90d9d0b4a52a349ede5120f992a7ca1"},{"type":"WEB","url":"https://git.kernel.org/stable/c/899d0353ea69681f474b6bc9de32c663b89672da"},{"type":"WEB","url":"https://git.kernel.org/stable/c/a77955f7704b2a00385e232cbcc1cb06b5c7a425"},{"type":"WEB","url":"https://git.kernel.org/stable/c/ee1fce83ed56450087309b9b74ad9bcb2b010fa6"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/23xxx/CVE-2025-23151.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-23151"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"176ed1727badd2fad2158e2b214dcbc24f4be7a1"},{"fixed":"899d0353ea69681f474b6bc9de32c663b89672da"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"0b093176fd0967a5f56e2c86b0d48247f6c0fa0f"},{"fixed":"3e7ecf181cbdde9753204ada3883ca1704d8702b"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"ce16274a6b8d1483d0d8383272deb2bfd1b577ca"},{"fixed":"5f084993c90d9d0b4a52a349ede5120f992a7ca1"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"b89b6a863dd53bc70d8e52d50f9cfaef8ef5e9c9"},{"fixed":"a77955f7704b2a00385e232cbcc1cb06b5c7a425"},{"fixed":"178e5657c8fd285125cc6743a81b513bce099760"},{"fixed":"ee1fce83ed56450087309b9b74ad9bcb2b010fa6"},{"fixed":"0686a818d77a431fc3ba2fab4b46bbb04e8c9380"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"0"},{"last_affected":"642adb03541673f3897f64bbb62856ffd73807f5"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-23151.json"}}],"schema_version":"1.7.5"}