CVE-2025-38132

MEDIUM EPSS 3.6%
Published Jul 3, 202512mo ago · Modified Jun 17, 20261w ago
5.5 CVSS 3.1
Medium
Find Similar
Published Jul 3, 2025 12mo ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: coresight: holding cscfg_csdev_lock while removing cscfg from csdev There'll be possible race scenario for coresight config: CPU0 CPU1 (perf enable) load module cscfg_load_config_sets() activate config. // sysfs (sys_active_cnt == 1) ... cscfg_csdev_enable_active_config() lock(csdev->cscfg_csdev_lock) deactivate config // sysfs (sys_activec_cnt == 0) cscfg_unload_config_sets() <iterating config_csdev_list> cscfg_remove_owned_csdev_configs() // here load config activate by CPU1 unlock(csdev->cscfg_csdev_lock) iterating config_csdev_list could be raced with config_csdev_list's entry delete. To resolve this race , hold csdev->cscfg_csdev_lock() while cscfg_remove_owned_csdev_configs()

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
3.6% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Affected Products 1

VendorProductVersionRange
linuxlinux_kernel*≥5.17  –  <6.15.3

References 2

  • git.kernel.org https://git.kernel.org/stable/c/42f8afb0b161631fd1d814d017f75f955475ad41
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/53b9e2659719b04f5ba7593f2af0f2335f75e94a
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/42f8afb0b161631fd1d814d017f75f955475ad41
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/53b9e2659719b04f5ba7593f2af0f2335f75e94a
    Patch