Acknowledged
Created: Jul 3, 2025
Updated: Jul 8, 2025
Found In Version: 10.22.33.1
Severity: Standard
Applicable for: Wind River Linux LTS 22
Component/s: Kernel
In the Linux kernel, the following vulnerability has been resolved:EOL][EOL]scsi: core: ufs: Fix a hang in the error handler[EOL][EOL]ufshcd_err_handling_prepare() calls ufshcd_rpm_get_sync(). The latter[EOL]function can only succeed if UFSHCD_EH_IN_PROGRESS is not set because[EOL]resuming involves submitting a SCSI command and ufshcd_queuecommand()[EOL]returns SCSI_MLQUEUE_HOST_BUSY if UFSHCD_EH_IN_PROGRESS is set. Fix this[EOL]hang by setting UFSHCD_EH_IN_PROGRESS after ufshcd_rpm_get_sync() has[EOL]been called instead of before.[EOL][EOL]Backtrace:[EOL]__switch_to+0x174/0x338[EOL]__schedule+0x600/0x9e4[EOL]schedule+0x7c/0xe8[EOL]schedule_timeout+0xa4/0x1c8[EOL]io_schedule_timeout+0x48/0x70[EOL]wait_for_common_io+0xa8/0x160 //waiting on START_STOP[EOL]wait_for_completion_io_timeout+0x10/0x20[EOL]blk_execute_rq+0xe4/0x1e4[EOL]scsi_execute_cmd+0x108/0x244[EOL]ufshcd_set_dev_pwr_mode+0xe8/0x250[EOL]__ufshcd_wl_resume+0x94/0x354[EOL]ufshcd_wl_runtime_resume+0x3c/0x174[EOL]scsi_runtime_resume+0x64/0xa4[EOL]rpm_resume+0x15c/0xa1c[EOL]__pm_runtime_resume+0x4c/0x90 // Runtime resume ongoing[EOL]ufshcd_err_handler+0x1a0/0xd08[EOL]process_one_work+0x174/0x808[EOL]worker_thread+0x15c/0x490[EOL]kthread+0xf4/0x1ec[EOL]ret_from_fork+0x10/0x20[EOL][EOL][ bvanassche: rewrote patch description ]
CREATE(Triage):(User=lchen-cn) [CVE-2025-38119 (https://nvd.nist.gov/vuln/detail/CVE-2025-38119)
