CVE-2025-37843
📋 TL;DR
This CVE describes a race condition in the Linux kernel's PCIe hotplug subsystem that can cause a deadlock when hot-removing nested PCIe devices. The vulnerability affects systems using PCIe hotplug capabilities, particularly with Thunderbolt devices. Exploitation requires physical or administrative access to trigger device removal.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
System deadlock requiring hard reboot, causing denial of service and potential data loss or corruption.
Likely Case
System hang or kernel panic when removing multiple Thunderbolt devices during system sleep/resume cycles.
If Mitigated
No impact if proper access controls prevent unauthorized physical or administrative device removal.
🎯 Exploit Status
Exploitation requires triggering specific device removal sequences during system sleep/resume cycles.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions with commits 0d0bbd01f7c0ac7d1be9f85aaf2cd0baec34655f, 7535d10a2c61baeff493300070cf04d9ddda216b, e3260237aaadc9799107ccb940c6688195c4518d, or e4a1d7defbc2d806540720a5adebe24ec3488683
Vendor Advisory: https://git.kernel.org/stable/c/0d0bbd01f7c0ac7d1be9f85aaf2cd0baec34655f
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version from your distribution. 2. Reboot system to load new kernel.
🔧 Temporary Workarounds
Avoid hot-removal during sleep
linuxPrevent removing Thunderbolt or PCIe devices while system is in sleep state
Disable PCIe hotplug
linuxDisable PCIe hotplug functionality if not required
echo 0 > /sys/bus/pci/slots/*/power
🧯 If You Can't Patch
- Restrict physical access to PCIe/Thunderbolt ports
- Implement strict change control for device removal operations
🔍 How to Verify
Check if Vulnerable:
Check kernel version: uname -r and compare with affected versions containing commit 9d573d19547bCheck Version:
uname -rVerify Fix Applied:
Verify kernel version includes one of the fix commits: 0d0bbd01f7c0ac7d1be9f85aaf2cd0baec34655f, 7535d10a2c61baeff493300070cf04d9ddda216b, e3260237aaadc9799107ccb940c6688195c4518d, or e4a1d7defbc2d806540720a5adebe24ec3488683📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages
- PCIe hotplug errors in dmesg
- System hang during device removal
Network Indicators:
- None - local vulnerability
SIEM Query:
source="kernel" AND ("pciehp" OR "PCIe hotplug" OR "deadlock")