CVE-2025-38132

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-38132
In the Linux kernel, the following vulnerability has been resolved: coresight: holding cscfg_csdev_lock while removing cscfg from csdev There'll be possible race scenario for coresight config: CPU0 CPU1 (perf enable) load module cscfg_load_config_sets() activate config. // sysfs (sys_active_cnt == 1) ... cscfg_csdev_enable_active_config() lock(csdev->cscfg_csdev_lock) deactivate config // sysfs (sys_activec_cnt == 0) cscfg_unload_config_sets() <iterating config_csdev_list> cscfg_remove_owned_csdev_configs() // here load config activate by CPU1 unlock(csdev->cscfg_csdev_lock) iterating config_csdev_list could be raced with config_csdev_list's entry delete. To resolve this race , hold csdev->cscfg_csdev_lock() while cscfg_remove_owned_csdev_configs()

5.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://git.kernel.org/stable/c/42f8afb0b161631fd1d814d017f75f955475ad41 Patch
https://git.kernel.org/stable/c/53b9e2659719b04f5ba7593f2af0f2335f75e94a Patch
Configurations

Configuration 1 (hide)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
History

20 Nov 2025, 20:12

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 5.5
CWE NVD-CWE-noinfo
CPE cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
References () https://git.kernel.org/stable/c/42f8afb0b161631fd1d814d017f75f955475ad41 - () https://git.kernel.org/stable/c/42f8afb0b161631fd1d814d017f75f955475ad41 - Patch
References () https://git.kernel.org/stable/c/53b9e2659719b04f5ba7593f2af0f2335f75e94a - () https://git.kernel.org/stable/c/53b9e2659719b04f5ba7593f2af0f2335f75e94a - Patch
First Time Linux
Linux linux Kernel
Summary
  • (es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: coresight: mantener cscfg_csdev_lock mientras se elimina cscfg de csdev Habrá un posible escenario de ejecución para la configuración de coresight: CPU0 CPU1 (habilitación de rendimiento) cargar módulo cscfg_load_config_sets() activar configuración. // sysfs (sys_active_cnt == 1) ... cscfg_csdev_enable_active_config() lock(csdev-&gt;cscfg_csdev_lock) desactiva la configuración // sysfs (sys_activec_cnt == 0) cscfg_unload_config_sets() cscfg_remove_owned_csdev_configs() // aquí se carga la configuración activada por CPU1 unlock(csdev-&gt;cscfg_csdev_lock) iterando config_csdev_list podría estar en competencia con la eliminación de la entrada de config_csdev_list. Para resolver esta competencia, mantenga presionada la tecla csdev-&gt;cscfg_csdev_lock() mientras cscfg_remove_owned_csdev_configs()

03 Jul 2025, 09:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-07-03 09:15

Updated : 2025-11-20 20:12

NVD link : CVE-2025-38132

Mitre link : CVE-2025-38132

CVE.ORG link : CVE-2025-38132

JSON object : View

Products Affected

linux

  • linux_kernel
CWE
NVD-CWE-noinfo