GHSA-H9PQ-JCWJ-V49P

Vulnerability from github – Published: 2026-01-31 12:30 – Updated: 2026-01-31 12:30
VLAI?
Details

In the Linux kernel, the following vulnerability has been resolved:

counter: interrupt-cnt: Drop IRQF_NO_THREAD flag

An IRQ handler can either be IRQF_NO_THREAD or acquire spinlock_t, as CONFIG_PROVE_RAW_LOCK_NESTING warns: ============================= [ BUG: Invalid wait context ] 6.18.0-rc1+git... #1

some-user-space-process/1251 is trying to lock: (&counter->events_list_lock){....}-{3:3}, at: counter_push_event [counter] other info that might help us debug this: context-{2:2} no locks held by some-user-space-process/.... stack backtrace: CPU: 0 UID: 0 PID: 1251 Comm: some-user-space-process 6.18.0-rc1+git... #1 PREEMPT Call trace: show_stack (C) dump_stack_lvl dump_stack __lock_acquire lock_acquire _raw_spin_lock_irqsave counter_push_event [counter] interrupt_cnt_isr [interrupt_cnt] __handle_irq_event_percpu handle_irq_event handle_simple_irq handle_irq_desc generic_handle_domain_irq gpio_irq_handler handle_irq_desc generic_handle_domain_irq gic_handle_irq call_on_irq_stack do_interrupt_handler el0_interrupt __el0_irq_handler_common el0t_64_irq_handler el0t_64_irq

... and Sebastian correctly points out. Remove IRQF_NO_THREAD as an alternative to switching to raw_spinlock_t, because the latter would limit all potential nested locks to raw_spinlock_t only.

Show details on source website
To clipboard 

{
  "affected": [],
  "aliases": [
    "CVE-2025-71180"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-01-31T12:16:02Z",
    "severity": null
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ncounter: interrupt-cnt: Drop IRQF_NO_THREAD flag\n\nAn IRQ handler can either be IRQF_NO_THREAD or acquire spinlock_t, as\nCONFIG_PROVE_RAW_LOCK_NESTING warns:\n=============================\n[ BUG: Invalid wait context ]\n6.18.0-rc1+git... #1\n-----------------------------\nsome-user-space-process/1251 is trying to lock:\n(\u0026counter-\u003eevents_list_lock){....}-{3:3}, at: counter_push_event [counter]\nother info that might help us debug this:\ncontext-{2:2}\nno locks held by some-user-space-process/....\nstack backtrace:\nCPU: 0 UID: 0 PID: 1251 Comm: some-user-space-process 6.18.0-rc1+git... #1 PREEMPT\nCall trace:\n show_stack (C)\n dump_stack_lvl\n dump_stack\n __lock_acquire\n lock_acquire\n _raw_spin_lock_irqsave\n counter_push_event [counter]\n interrupt_cnt_isr [interrupt_cnt]\n __handle_irq_event_percpu\n handle_irq_event\n handle_simple_irq\n handle_irq_desc\n generic_handle_domain_irq\n gpio_irq_handler\n handle_irq_desc\n generic_handle_domain_irq\n gic_handle_irq\n call_on_irq_stack\n do_interrupt_handler\n el0_interrupt\n __el0_irq_handler_common\n el0t_64_irq_handler\n el0t_64_irq\n\n... and Sebastian correctly points out. Remove IRQF_NO_THREAD as an\nalternative to switching to raw_spinlock_t, because the latter would limit\nall potential nested locks to raw_spinlock_t only.",
  "id": "GHSA-h9pq-jcwj-v49p",
  "modified": "2026-01-31T12:30:11Z",
  "published": "2026-01-31T12:30:11Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-71180"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/1c5a3175aecf82cd86dfcbef2a23e8b26d8d8e7c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/23f9485510c338476b9735d516c1d4aacb810d46"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/425886b1f8304621b3f16632b274357067d5f13f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/49a66829dd3653695e60d7cae13521d131362fcd"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/51d2e5d6491447258cb39ff1deb93df15d3c23cb"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ef668c9a2261ec9287faba6e6ef05a98b391aa2b"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.