CVE-2025-38210
Description
In the Linux kernel, the following vulnerability has been resolved: configfs-tsm-report: Fix NULL dereference of tsm_ops Unlike sysfs, the lifetime of configfs objects is controlled by userspace. There is no mechanism for the kernel to find and delete all created config-items. Instead, the configfs-tsm-report mechanism has an expectation that tsm_unregister() can happen at any time and cause established config-item access to start failing. That expectation is not fully satisfied. While tsm_report_read(), tsm_report_{is,is_bin}_visible(), and tsm_report_make_item() safely fail if tsm_ops have been unregistered, tsm_report_privlevel_store() tsm_report_provider_show() fail to check for ops registration. Add the missing checks for tsm_ops having been removed. Now, in supporting the ability for tsm_unregister() to always succeed, it leaves the problem of what to do with lingering config-items. The expectation is that the admin that arranges for the ->remove() (unbind) of the ${tsm_arch}-guest driver is also responsible for deletion of all open config-items. Until that deletion happens, ->probe() (reload / bind) of the ${tsm_arch}-guest driver fails. This allows for emergency shutdown / revocation of attestation interfaces, and requires coordinated restart.
CVSS Details
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Threat Intelligence
Weaknesses 1
Affected Products 2
References 3
- git.kernel.org https://git.kernel.org/stable/c/015f04ac884a454d4d8aaa7b67758f047742b1cf
- git.kernel.org https://git.kernel.org/stable/c/cefbafcbdef011d6ef9414902311afdfba3c33eb
- git.kernel.org https://git.kernel.org/stable/c/fba4ceaa242d2bdf4c04b77bda41d32d02d3925d
Remediation
- git.kernel.org https://git.kernel.org/stable/c/015f04ac884a454d4d8aaa7b67758f047742b1cf
- git.kernel.org https://git.kernel.org/stable/c/cefbafcbdef011d6ef9414902311afdfba3c33eb
- git.kernel.org https://git.kernel.org/stable/c/fba4ceaa242d2bdf4c04b77bda41d32d02d3925d