Description

In the Linux kernel, the following vulnerability has been resolved: ALSA: timer: Don't take register_mutex with copy_from/to_user() The infamous mmap_lock taken in copy_from/to_user() can be often problematic when it's called inside another mutex, as they might lead to deadlocks. In the case of ALSA timer code, the bad pattern is with guard(mutex)(&register_mutex) that covers copy_from/to_user() -- which was mistakenly introduced at converting to guard(), and it had been carefully worked around in the past. This patch fixes those pieces simply by moving copy_from/to_user() out of the register mutex lock again.

INFO

Published Date :

2025-04-16T14:13:15.144Z

Last Modified :

2025-10-01T16:15:15.661Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2025-23134 vulnerability.

Vendors Products
Linux
  • Linux Kernel
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-23134.

URL Resource
https://git.kernel.org/stable/c/15291b561d8cc835a2eea76b394070cf8e072771 cve-icon cve-icon
https://git.kernel.org/stable/c/296f7a9e15aab276db11206cbc1e2ae1215d7862 cve-icon cve-icon
https://git.kernel.org/stable/c/3424c8f53bc63c87712a7fc22dc13d0cc85fb0d6 cve-icon cve-icon
https://git.kernel.org/stable/c/b074f47e55df93832bbbca1b524c501e6fea1c0d cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2025041632-CVE-2025-23134-22f8@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-23134 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-23134 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact