CVE-2025-38131

HIGH EPSS 6.2%
Published Jul 3, 202512mo ago · Modified Jun 17, 20261w ago
7.8 CVSS 3.1
High
Find Similar
Published Jul 3, 2025 12mo ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: coresight: prevent deactivate active config while enabling the config While enable active config via cscfg_csdev_enable_active_config(), active config could be deactivated via configfs' sysfs interface. This could make UAF issue in below scenario: CPU0 CPU1 (sysfs enable) load module cscfg_load_config_sets() activate config. // sysfs (sys_active_cnt == 1) ... cscfg_csdev_enable_active_config() lock(csdev->cscfg_csdev_lock) // here load config activate by CPU1 unlock(csdev->cscfg_csdev_lock) deactivate config // sysfs (sys_activec_cnt == 0) cscfg_unload_config_sets() unload module // access to config_desc which freed // while unloading module. cscfg_csdev_enable_config To address this, use cscfg_config_desc's active_cnt as a reference count which will be holded when - activate the config. - enable the activated config. and put the module reference when config_active_cnt == 0.

CVSS Details

Base Score
7.8
Exploitability
1.8
Impact
5.9
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High

Threat Intelligence

EPSS Exploit Probability
6.2% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-416 Use After Free Memory Safety

Affected Products 5

VendorProductVersionRange
linuxlinux_kernel*≥5.15  –  <6.1.142
linuxlinux_kernel*≥6.2  –  <6.6.94
linuxlinux_kernel*≥6.7  –  <6.12.34
linuxlinux_kernel*≥6.13  –  <6.15.3
debiandebian_linux11.0any

References 6

  • git.kernel.org https://git.kernel.org/stable/c/31028812724cef7bd57a51525ce58a32a6d73b22
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/408c97c4a5e0b634dcd15bf8b8808b382e888164
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/b3b4efa2e623aecaebd7c9b9e4171f5c659e9724
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/dfe8224c9c7a43d356eb9f74b06868aa05f90223
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ed42ee1ed05ff2f4c36938379057413a40c56680
    Patch
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
    Third Party Advisory

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/31028812724cef7bd57a51525ce58a32a6d73b22
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/408c97c4a5e0b634dcd15bf8b8808b382e888164
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/b3b4efa2e623aecaebd7c9b9e4171f5c659e9724
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/dfe8224c9c7a43d356eb9f74b06868aa05f90223
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ed42ee1ed05ff2f4c36938379057413a40c56680
    Patch