CVE-2025-22014

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Apr 8, 2025
Updated: Apr 10, 2025
CWE ID 667

Summary

CVE-2025-22014: In the Linux kernel, a deadlock vulnerability affecting the soc: qcom: pdr module has been addressed. The deadlock occurred when process A, which was adding a lookup for a service and scheduling locator work, and process B, which was handling a new server packet, both tried to acquire the same list lock. Process A queried the domain list after taking the list lock, but the response from process B was queued to the same workqueue, which is ordered, so process B could not complete the new server request work. The vulnerability has been mitigated by removing the unnecessary list iteration in process A and simply calling schedule_work() instead. [1] The discovery of this vulnerability and its resolution were made possible by the contributions of Bjorn and Johan, who also reported an audio regression issue that was resolved by the same commit.
