CVE-2025-37987: 
Linux Kernel vulnerability analysis and mitigation

CVE-2025-37987 is a vulnerability discovered in the Linux kernel's pdscore component, specifically related to the adminq (admin queue) handling. The vulnerability was disclosed on May 20, 2025, affecting the Linux kernel's pdscore subsystem (NVD Database).

The vulnerability stems from a design limitation in the pdscore's adminq implementation. While the adminqlock prevents simultaneous command posting, completions occur in a different context, allowing multiple adminq commands to be posted sequentially while waiting for completion. The backing adminq request queue has a limited capacity of 16 entries, and due to insufficient retry mechanism and overflow prevention, the adminq can become stuck, resulting in commands no longer being processed and completions not being sent by the firmware (NVD Database).

When exploited, this vulnerability can cause the adminq to become stuck in a state where commands are no longer processed and completions are not sent by the firmware. This effectively creates a denial of service condition for the affected component, potentially impacting system operations that depend on the pds_core subsystem (NVD Database).

A fix has been implemented that prevents more than 16 outstanding adminq commands by reducing the adminq depth to 16. This ensures that the backing adminq request queue will never have more than 16 pending adminq commands, effectively preventing overflow conditions (NVD Database).