Impact
In the Linux kernel, a lock ordering issue was identified in the qcom-ngd slimbus controller. The code path that handles SSR/PDR down notifications acquires tx_lock before the controller lock, while other paths acquire the controller lock before tx_lock. This inversion leads to a lockdep warning and a potential deadlock, which can stall kernel threads and cause system unresponsiveness. The flaw results in a denial‑of‑service scenario rather than direct compromise of confidentiality or integrity.
Affected Systems
Affected systems are any Linux kernel that includes the slimbus subsystem with the qcom-ngd driver before the fix. The vulnerability is present in all kernel versions that contain the qcom_ngd controller code unchanged from the original state, regardless of specific build or distribution. Upstream kernels before the commit that removed the tx_lock acquisition in qcom_slim_ngd_ssr_pdr_notify() remain affected.
Risk and Exploitability
The CVSS score was not disclosed and EPSS data is unavailable. The vulnerability is not listed in CISA's KEV catalog. Based on the description, exploiting the flaw would require triggering a SSR/PDR down notification while DMA activity is active, a condition that is usually limited to privileged kernel code or malicious device drivers. The risk, therefore, appears to be confined to a local attacker with kernel privileges, affecting system stability. The lockdep warning suggests that the deadlock could happen during normal operation if the lock ordering conflict occurs, implying that a privileged or insider attacker might be able to induce service disruption, although no direct evidence of exploitation is provided.
OpenCVE Enrichment