CVE-2025-21820
CVSS 3.1 Score 5.5 of 10 (medium)
Details
Summary
CVE-2025-21820 is a vulnerability affecting the Linux kernel's tty subsystem, specifically the xilinx_uartps driver. The issue stems from a circular locking dependency between the cdns_uart_isr and console_lock functions. This dependency can result in a deadlock, as shown in the provided lockdep trace. The fix, implemented in a recent commit, attempts to prevent this situation by only taking the port lock in cdns_uart_console_write if port->sysrq is unset. However, if this condition is not met, the code will still try to acquire the lock, potentially causing a deadlock. The recommended solution is to split sysrq handling into two parts, with the prepare helper executed under the port lock and the actual handling deferred until after the lock is released.
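The lock ordering described in the summary can be checked with a small userspace model. This is an added example, not code from the kernel or from the fixing commit. The lock recorder, the function names and the assumption that sysrq handling prints to the console are all constructed for illustration.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
/* Constructed userspace model, not kernel code. Records lockdep-style
 * "B taken while A held" edges for two locks. */
enum { PORT, CONSOLE, NLOCKS };
static bool held[NLOCKS], edge[NLOCKS][NLOCKS];
static bool sysrq_set;              /* stands in for port->sysrq */

static void take(int l) {
    for (int h = 0; h < NLOCKS; h++)
        if (held[h] && h != l) edge[h][l] = true;
    held[l] = true;
}
static void drop(int l) { held[l] = false; }
/* Console path: console lock first, then the driver's console write,
 * which takes the port lock only when sysrq is unset. */
static void model_printk(void) {
    take(CONSOLE);
    if (!sysrq_set) { take(PORT); drop(PORT); }
    drop(CONSOLE);
}

/* Before: the sysrq character is handled (and prints) under the port lock. */
static void isr_handle_under_lock(void) {
    take(PORT);
    sysrq_set = true;
    model_printk();                 /* assumed: sysrq handling prints */
    sysrq_set = false;
    drop(PORT);
}

/* After: only remember the character under the lock, handle it once released. */
static void isr_split(void) {
    take(PORT);
    bool pending = true;            /* "prepare" step */
    drop(PORT);
    if (pending) model_printk();    /* deferred handling */
}
/* Returns true if both lock orders were observed (possible deadlock). */
bool lock_order_cycle(bool split) {
    memset(held, 0, sizeof held); memset(edge, 0, sizeof edge); sysrq_set = false;
    model_printk();                 /* another CPU prints before sysrq is set */
    if (split) isr_split(); else isr_handle_under_lock();
    return edge[PORT][CONSOLE] && edge[CONSOLE][PORT];
}
int main(void) {
    printf("under lock: cycle=%d, split: cycle=%d\n",
           lock_order_cycle(false), lock_order_cycle(true));
}
```

With handling under the port lock, both port-then-console and console-then-port orders are recorded; with split handling only console-then-port remains.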