{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-38174","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-04-16T04:51:23.991Z","datePublished":"2025-07-04T10:39:55.732Z","dateUpdated":"2026-05-11T21:22:41.615Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T21:22:41.615Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nthunderbolt: Do not double dequeue a configuration request\n\nSome of our devices crash in tb_cfg_request_dequeue():\n\n general protection fault, probably for non-canonical address 0xdead000000000122\n\n CPU: 6 PID: 91007 Comm: kworker/6:2 Tainted: G U W 6.6.65\n RIP: 0010:tb_cfg_request_dequeue+0x2d/0xa0\n Call Trace:\n <TASK>\n ? tb_cfg_request_dequeue+0x2d/0xa0\n tb_cfg_request_work+0x33/0x80\n worker_thread+0x386/0x8f0\n kthread+0xed/0x110\n ret_from_fork+0x38/0x50\n ret_from_fork_asm+0x1b/0x30\n\nThe circumstances are unclear, however, the theory is that\ntb_cfg_request_work() can be scheduled twice for a request:\nfirst time via frame.callback from ring_work() and second\ntime from tb_cfg_request().  Both times kworkers will execute\ntb_cfg_request_dequeue(), which results in double list_del()\nfrom the ctl->request_queue (the list poison deference hints\nat it: 0xdead000000000122).\n\nDo not dequeue requests that don't have TB_CFG_REQUEST_ACTIVE\nbit set."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/thunderbolt/ctl.c"],"versions":[{"version":"16603153666d22df544ae9f9b3764fd18da28eeb","lessThan":"e49e994cd83705f7ca30eda1e304abddfd96a37a","status":"affected","versionType":"git"},{"version":"16603153666d22df544ae9f9b3764fd18da28eeb","lessThan":"0a3011d47dbc92a33621861c423cb64833d7fe57","status":"affected","versionType":"git"},{"version":"16603153666d22df544ae9f9b3764fd18da28eeb","lessThan":"2f62eda4d974c26bc595425eafd429067541f2c9","status":"affected","versionType":"git"},{"version":"16603153666d22df544ae9f9b3764fd18da28eeb","lessThan":"85286e634ebbaf9c0fb1cdf580add2f33fc7628c","status":"affected","versionType":"git"},{"version":"16603153666d22df544ae9f9b3764fd18da28eeb","lessThan":"5a057f261539720165d03d85024da2b52e67f63d","status":"affected","versionType":"git"},{"version":"16603153666d22df544ae9f9b3764fd18da28eeb","lessThan":"eb2d5e794fb966b3ef8bde99eb8561446a53509f","status":"affected","versionType":"git"},{"version":"16603153666d22df544ae9f9b3764fd18da28eeb","lessThan":"0771bcbe2f6e5d5f263cf466efe571d2754a46da","status":"affected","versionType":"git"},{"version":"16603153666d22df544ae9f9b3764fd18da28eeb","lessThan":"cdb4feab2f39e75a66239e3a112beced279612a8","status":"affected","versionType":"git"},{"version":"16603153666d22df544ae9f9b3764fd18da28eeb","lessThan":"0f73628e9da1ee39daf5f188190cdbaee5e0c98c","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/thunderbolt/ctl.c"],"versions":[{"version":"3.17","status":"affected"},{"version":"0","lessThan":"3.17","status":"unaffected","versionType":"semver"},{"version":"5.4.295","lessThanOrEqual":"5.4.*","status":"unaffected","versionType":"semver"},{"version":"5.10.239","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.186","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.142","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.94","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.12.33","lessThanOrEqual":"6.12.*","status":"unaffected","versionType":"semver"},{"version":"6.14.11","lessThanOrEqual":"6.14.*","status":"unaffected","versionType":"semver"},{"version":"6.15.2","lessThanOrEqual":"6.15.*","status":"unaffected","versionType":"semver"},{"version":"6.16","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.17","versionEndExcluding":"5.4.295"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.17","versionEndExcluding":"5.10.239"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.17","versionEndExcluding":"5.15.186"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.17","versionEndExcluding":"6.1.142"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.17","versionEndExcluding":"6.6.94"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.17","versionEndExcluding":"6.12.33"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.17","versionEndExcluding":"6.14.11"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.17","versionEndExcluding":"6.15.2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.17","versionEndExcluding":"6.16"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/e49e994cd83705f7ca30eda1e304abddfd96a37a"},{"url":"https://git.kernel.org/stable/c/0a3011d47dbc92a33621861c423cb64833d7fe57"},{"url":"https://git.kernel.org/stable/c/2f62eda4d974c26bc595425eafd429067541f2c9"},{"url":"https://git.kernel.org/stable/c/85286e634ebbaf9c0fb1cdf580add2f33fc7628c"},{"url":"https://git.kernel.org/stable/c/5a057f261539720165d03d85024da2b52e67f63d"},{"url":"https://git.kernel.org/stable/c/eb2d5e794fb966b3ef8bde99eb8561446a53509f"},{"url":"https://git.kernel.org/stable/c/0771bcbe2f6e5d5f263cf466efe571d2754a46da"},{"url":"https://git.kernel.org/stable/c/cdb4feab2f39e75a66239e3a112beced279612a8"},{"url":"https://git.kernel.org/stable/c/0f73628e9da1ee39daf5f188190cdbaee5e0c98c"}],"title":"thunderbolt: Do not double dequeue a configuration request","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"title":"CVE Program Container","references":[{"url":"https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"},{"url":"https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html"}],"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2025-11-03T17:35:01.586Z"}}]}}