CVE-2025-23134

Published: Apr 16, 2025

Modified: May 11, 2026

PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved: ALSA: timer: Don't take register_mutex with copy_from/to_user() The infamous mmap_lock taken in copy_from/to_user() can be often problematic when it's called inside another mutex, as they might lead to deadlocks. In the case of ALSA timer code, the bad pattern is with guard(mutex)(&register_mutex) that covers copy_from/to_user() -- which was mistakenly introduced at converting to guard(), and it had been carefully worked around in the past. This patch fixes those pieces simply by moving copy_from/to_user() out of the register mutex lock again.

Vendor	Product	Versions
Linux	Linux	affected `3923de04c81733b30b8ed667569632272fdfed9a - < 15291b561d8cc835a2eea76b394070cf8e072771` affected `3923de04c81733b30b8ed667569632272fdfed9a - < 296f7a9e15aab276db11206cbc1e2ae1215d7862` affected `3923de04c81733b30b8ed667569632272fdfed9a - < b074f47e55df93832bbbca1b524c501e6fea1c0d` affected `3923de04c81733b30b8ed667569632272fdfed9a - < 3424c8f53bc63c87712a7fc22dc13d0cc85fb0d6`
Linux	Linux	affected `6.9` unaffected `0 - < 6.9` unaffected `6.12.23 - <= 6.12.` unaffected `6.13.11 - <= 6.13.` unaffected `6.14.2 - <= 6.14.*` +1 more versions

References

https://git.kernel.org/stable/c/15291b561d8cc835a2eea76b394070cf8e072771

https://git.kernel.org/stable/c/296f7a9e15aab276db11206cbc1e2ae1215d7862

https://git.kernel.org/stable/c/b074f47e55df93832bbbca1b524c501e6fea1c0d

https://git.kernel.org/stable/c/3424c8f53bc63c87712a7fc22dc13d0cc85fb0d6

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-23134

Description

Affected Products

References