{"uuid": "e84decdf-39c2-4ddc-955c-06f7374ca595", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23151", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/14798", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-23151\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\nbus: mhi: host: Fix race between unprepare and queue_buf\n\nA client driver may use mhi_unprepare_from_transfer() to quiesce\nincoming data during the client driver's tear down. The client driver\nmight also be processing data at the same time, resulting in a call to\nmhi_queue_buf() which will invoke mhi_gen_tre(). If mhi_gen_tre() runs\nafter mhi_unprepare_from_transfer() has torn down the channel, a panic\nwill occur due to an invalid dereference leading to a page fault.\n\nThis occurs because mhi_gen_tre() does not verify the channel state\nafter locking it. Fix this by having mhi_gen_tre() confirm the channel\nstate is valid, or return error to avoid accessing deinitialized data.\n\n[mani: added stable tag]\n\ud83d\udccf Published: 2025-05-01T12:55:38.833Z\n\ud83d\udccf Modified: 2025-05-04T13:07:12.765Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/899d0353ea69681f474b6bc9de32c663b89672da\n2. https://git.kernel.org/stable/c/3e7ecf181cbdde9753204ada3883ca1704d8702b\n3. https://git.kernel.org/stable/c/5f084993c90d9d0b4a52a349ede5120f992a7ca1\n4. https://git.kernel.org/stable/c/a77955f7704b2a00385e232cbcc1cb06b5c7a425\n5. https://git.kernel.org/stable/c/178e5657c8fd285125cc6743a81b513bce099760\n6. https://git.kernel.org/stable/c/ee1fce83ed56450087309b9b74ad9bcb2b010fa6\n7. https://git.kernel.org/stable/c/0686a818d77a431fc3ba2fab4b46bbb04e8c9380", "creation_timestamp": "2025-05-04T13:18:40.000000Z"}