CVE-2025-21821 | THREATINT

Description

In the Linux kernel, the following vulnerability has been resolved: fbdev: omap: use threaded IRQ for LCD DMA When using touchscreen and framebuffer, Nokia 770 crashes easily with: BUG: scheduling while atomic: irq/144-ads7846/82/0x00010000 Modules linked in: usb_f_ecm g_ether usb_f_rndis u_ether libcomposite configfs omap_udc ohci_omap ohci_hcd CPU: 0 UID: 0 PID: 82 Comm: irq/144-ads7846 Not tainted 6.12.7-770 #2 Hardware name: Nokia 770 Call trace: unwind_backtrace from show_stack+0x10/0x14 show_stack from dump_stack_lvl+0x54/0x5c dump_stack_lvl from __schedule_bug+0x50/0x70 __schedule_bug from __schedule+0x4d4/0x5bc __schedule from schedule+0x34/0xa0 schedule from schedule_preempt_disabled+0xc/0x10 schedule_preempt_disabled from __mutex_lock.constprop.0+0x218/0x3b4 __mutex_lock.constprop.0 from clk_prepare_lock+0x38/0xe4 clk_prepare_lock from clk_set_rate+0x18/0x154 clk_set_rate from sossi_read_data+0x4c/0x168 sossi_read_data from hwa742_read_reg+0x5c/0x8c hwa742_read_reg from send_frame_handler+0xfc/0x300 send_frame_handler from process_pending_requests+0x74/0xd0 process_pending_requests from lcd_dma_irq_handler+0x50/0x74 lcd_dma_irq_handler from __handle_irq_event_percpu+0x44/0x130 __handle_irq_event_percpu from handle_irq_event+0x28/0x68 handle_irq_event from handle_level_irq+0x9c/0x170 handle_level_irq from generic_handle_domain_irq+0x2c/0x3c generic_handle_domain_irq from omap1_handle_irq+0x40/0x8c omap1_handle_irq from generic_handle_arch_irq+0x28/0x3c generic_handle_arch_irq from call_with_stack+0x1c/0x24 call_with_stack from __irq_svc+0x94/0xa8 Exception stack(0xc5255da0 to 0xc5255de8) 5da0: 00000001 c22fc620 00000000 00000000 c08384a8 c106fc00 00000000 c240c248 5dc0: c113a600 c3f6ec30 00000001 00000000 c22fc620 c5255df0 c22fc620 c0279a94 5de0: 60000013 ffffffff __irq_svc from clk_prepare_lock+0x4c/0xe4 clk_prepare_lock from clk_get_rate+0x10/0x74 clk_get_rate from uwire_setup_transfer+0x40/0x180 uwire_setup_transfer from spi_bitbang_transfer_one+0x2c/0x9c spi_bitbang_transfer_one from spi_transfer_one_message+0x2d0/0x664 spi_transfer_one_message from __spi_pump_transfer_message+0x29c/0x498 __spi_pump_transfer_message from __spi_sync+0x1f8/0x2e8 __spi_sync from spi_sync+0x24/0x40 spi_sync from ads7846_halfd_read_state+0x5c/0x1c0 ads7846_halfd_read_state from ads7846_irq+0x58/0x348 ads7846_irq from irq_thread_fn+0x1c/0x78 irq_thread_fn from irq_thread+0x120/0x228 irq_thread from kthread+0xc8/0xe8 kthread from ret_from_fork+0x14/0x28 As a quick fix, switch to a threaded IRQ which provides a stable system.

Reserved 2024-12-29 | Published 2025-02-27 | Updated 2025-03-24 | Assigner Linux

Product status

Default status

unaffected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before 7bbbd311dd503653a2cc86d9226740883051dc92

affected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before fb6a5edb60921887d7d10619fcdcbee9759552cb

affected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before aa8e22cbedeb626f2a6bda0aea362353d627cd0a

affected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before 8392ea100f0b86c234c739c6662f39f0ccc0cefd

affected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before e4b6b665df815b4841e71b72f06446884e8aad40

affected

Default status

affected

6.1.129

unaffected

6.6.79

unaffected

6.12.16

unaffected

6.13.4

unaffected

6.14

unaffected

References

git.kernel.org/...c/7bbbd311dd503653a2cc86d9226740883051dc92

git.kernel.org/...c/fb6a5edb60921887d7d10619fcdcbee9759552cb

git.kernel.org/...c/aa8e22cbedeb626f2a6bda0aea362353d627cd0a

git.kernel.org/...c/8392ea100f0b86c234c739c6662f39f0ccc0cefd

git.kernel.org/...c/e4b6b665df815b4841e71b72f06446884e8aad40

cve.org (CVE-2025-21821)

nvd.nist.gov (CVE-2025-21821)

Download JSON