CVE-2025-23134

MEDIUM 5.5

ALSA: timer: Don't take register_mutex with copy_from/to_user()

CVSS Score

5.5

EPSS Score

0.0%

EPSS Percentile

0th

In the Linux kernel, the following vulnerability has been resolved: ALSA: timer: Don't take register_mutex with copy_from/to_user() The infamous mmap_lock taken in copy_from/to_user() can be often problematic when it's called inside another mutex, as they might lead to deadlocks. In the case of ALSA timer code, the bad pattern is with guard(mutex)(&register_mutex) that covers copy_from/to_user() -- which was mistakenly introduced at converting to guard(), and it had been carefully worked around in the past. This patch fixes those pieces simply by moving copy_from/to_user() out of the register mutex lock again.

Vendor	linux
Product	linux
Ecosystems	Linux Kernel
Industries	Technology
Published	Apr 16, 2025
Last Updated	May 11, 2026

Stay Ahead of the Next One

Get instant alerts for linux linux

Be the first to know when new medium vulnerabilities affecting linux linux are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Linux / Linux

3923de04c81733b30b8ed667569632272fdfed9a < 15291b561d8cc835a2eea76b394070cf8e072771 3923de04c81733b30b8ed667569632272fdfed9a < 296f7a9e15aab276db11206cbc1e2ae1215d7862 3923de04c81733b30b8ed667569632272fdfed9a < b074f47e55df93832bbbca1b524c501e6fea1c0d 3923de04c81733b30b8ed667569632272fdfed9a < 3424c8f53bc63c87712a7fc22dc13d0cc85fb0d6

Linux / Linux

6.9

References

NVD ↗ CVE.org ↗ EPSS Data ↗

git.kernel.org: https://git.kernel.org/stable/c/15291b561d8cc835a2eea76b394070cf8e072771 git.kernel.org: https://git.kernel.org/stable/c/296f7a9e15aab276db11206cbc1e2ae1215d7862 git.kernel.org: https://git.kernel.org/stable/c/b074f47e55df93832bbbca1b524c501e6fea1c0d git.kernel.org: https://git.kernel.org/stable/c/3424c8f53bc63c87712a7fc22dc13d0cc85fb0d6