CVE-2025-37907

5.5 MEDIUM

📋 TL;DR

This CVE describes a deadlock vulnerability in the Linux kernel's Intel Visual Processing Unit (IVPU) driver. The locking order issue in ivpu_job_submit() can cause system hangs when job submission and abort handling occur simultaneously. This affects Linux systems using the IVPU driver for Intel's integrated graphics/accelerator hardware.

💻 Affected Systems

Products:
  • Linux kernel with Intel IVPU driver
Versions: Linux kernel versions containing the vulnerable IVPU driver code before the fix commits
Operating Systems: Linux distributions with affected kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with Intel IVPU hardware and the driver loaded/enabled.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system deadlock requiring hard reboot, causing denial of service and potential data loss for applications using the IVPU driver.

🟠 Likely Case

System hangs or application crashes when IVPU operations encounter faults during concurrent job submissions, leading to denial of service for affected processes.

🟢 If Mitigated

Minor performance impact during IVPU operations with proper locking order preventing deadlocks.

🌐 Internet-Facing: LOW - This is a local kernel driver issue requiring local access to trigger.
🏢 Internal Only: MEDIUM - Internal users or processes with IVPU access could trigger deadlocks affecting system stability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: NO
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access and ability to trigger IVPU operations with specific timing to cause deadlock.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Linux kernel with commits 079d2622f8c9e0c380149645fff21d35c59ce6ff, ab680dc6c78aa035e944ecc8c48a1caab9f39924, or b9b70924a272c2d72023306bc56f521c056212ee

Vendor Advisory: https://git.kernel.org/stable/c/079d2622f8c9e0c380149645fff21d35c59ce6ff

Restart Required: Yes

Instructions:

1. Update Linux kernel to version containing the fix commits.
2. Reboot system to load patched kernel.
3. Verify IVPU driver loads without errors.

🔧 Temporary Workarounds

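Disable IVPU driver

Prevent loading of the vulnerable IVPU driver module. The IVPU driver is built as the kernel module intel_vpu, so that is the name to blacklist and unload.

# Run as root.
echo 'blacklist intel_vpu' >> /etc/modprobe.d/blacklist-ivpu.conf
rmmod intel_vpu
# Debian/Ubuntu; use your distribution's initramfs tool elsewhere.
update-initramfs -u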

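Limit IVPU access

Restrict which users/processes can access IVPU devices. The driver exposes its device nodes through the accel subsystem as /dev/accel/accel*; other accelerator drivers use the same directory, so confirm which node belongs to the IVPU first.

# Run as root.
chmod 600 /dev/accel/accel*
setfacl -m u:root:rw /dev/accel/accel*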

🧯 If You Can't Patch

  • Monitor system for hangs/crashes related to IVPU operations and restart affected services
  • Implement strict access controls to limit which users/applications can use IVPU hardware

🔍 How to Verify

Check if Vulnerable:

Check if the IVPU driver is loaded (the module is named intel_vpu): lsmod | grep intel_vpu. Check kernel version: uname -r and compare with patched versions.

Check Version:

uname -r

Verify Fix Applied:

Verify the kernel includes the fix commits by running this in the git source tree the kernel was built from: git log --oneline | grep -E '079d2622|ab680dc6|b9b70924'. Test IVPU operations for stability.

📡 Detection & Monitoring

Log Indicators:

  • Kernel messages about deadlock detection
  • System hangs or unresponsive IVPU-related processes
  • dmesg warnings about lockdep or locking violations

Network Indicators:

  • None - local driver issue

SIEM Query:

source="kernel" AND ("deadlock" OR "lockdep" OR "ivpu")
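
The query above matches every kernel line that mentions "ivpu", including normal driver messages. As an added triage example (not part of the advisory or the kernel project), this shell function keeps only lockdep and hung-task report headers that are followed by an IVPU stack frame. The sample log lines, their offsets and the 40-line window are constructed assumptions.

```shell
#!/bin/sh
# Print lockdep / hung-task report headers whose following lines mention
# the IVPU driver. Reads kernel log text on stdin.
# $1 = how many lines after a header to search (assumed default: 40).
ivpu_lock_reports() {
    awk -v window="${1:-40}" '
        # Headers printed by lockdep and by the hung-task detector.
        /possible circular locking dependency detected/ ||
        /blocked for more than [0-9]+ seconds/ {
            header = $0; left = window; next
        }
        # Within the window: an ivpu_* symbol or the [intel_vpu] module tag.
        left > 0 {
            left--
            if ($0 ~ /ivpu_|\[intel_vpu\]/) { print header; left = 0 }
        }
    '
}

# Number of matching reports.
ivpu_lock_report_count() {
    ivpu_lock_reports "$@" | awk 'END { print NR }'
}

# Constructed sample: one lockdep report and two hung tasks, one unrelated.
sample_log() {
    cat <<'EOF'
[  100.1] WARNING: possible circular locking dependency detected
[  100.2] inference/2211 is trying to acquire lock:
[  100.3]  ivpu_job_submit+0x1a0/0x400 [intel_vpu]
[  200.1] INFO: task kworker/3:1:88 blocked for more than 120 seconds.
[  200.2]  ext4_sync_file+0x90/0x300
[  300.1] INFO: task inference:2300 blocked for more than 120 seconds.
[  300.2]  __mutex_lock+0x80/0x900
[  300.3]  ivpu_job_submit+0x1c4/0x400 [intel_vpu]
EOF
}

sample_log | ivpu_lock_reports
```

On a live host, feed it the kernel log instead of the sample, for example dmesg | ivpu_lock_reports or journalctl -k | ivpu_lock_reports.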
