ghsa-gqgv-qr8f-vwmq
Vulnerability from github
Published
2025-07-03 09:30
Modified
2025-07-03 09:30
Details

In the Linux kernel, the following vulnerability has been resolved:

coresight: holding cscfg_csdev_lock while removing cscfg from csdev

There'll be possible race scenario for coresight config:

CPU0 CPU1 (perf enable) load module cscfg_load_config_sets() activate config. // sysfs (sys_active_cnt == 1) ... cscfg_csdev_enable_active_config() lock(csdev->cscfg_csdev_lock) deactivate config // sysfs (sys_activec_cnt == 0) cscfg_unload_config_sets() cscfg_remove_owned_csdev_configs() // here load config activate by CPU1 unlock(csdev->cscfg_csdev_lock)

iterating config_csdev_list could be raced with config_csdev_list's entry delete.

To resolve this race , hold csdev->cscfg_csdev_lock() while cscfg_remove_owned_csdev_configs()

Show details on source website

To clipboard 

{
  "affected": [],
  "aliases": [
    "CVE-2025-38132"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-07-03T09:15:27Z",
    "severity": null
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ncoresight: holding cscfg_csdev_lock while removing cscfg from csdev\n\nThere\u0027ll be possible race scenario for coresight config:\n\nCPU0                                          CPU1\n(perf enable)                                 load module\n                                              cscfg_load_config_sets()\n                                              activate config. // sysfs\n                                              (sys_active_cnt == 1)\n...\ncscfg_csdev_enable_active_config()\n  lock(csdev-\u003ecscfg_csdev_lock)\n                                              deactivate config // sysfs\n                                              (sys_activec_cnt == 0)\n                                              cscfg_unload_config_sets()\n  \u003citerating config_csdev_list\u003e               cscfg_remove_owned_csdev_configs()\n  // here load config activate by CPU1\n  unlock(csdev-\u003ecscfg_csdev_lock)\n\niterating config_csdev_list could be raced with config_csdev_list\u0027s\nentry delete.\n\nTo resolve this race , hold csdev-\u003ecscfg_csdev_lock() while\ncscfg_remove_owned_csdev_configs()",
  "id": "GHSA-gqgv-qr8f-vwmq",
  "modified": "2025-07-03T09:30:34Z",
  "published": "2025-07-03T09:30:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-38132"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/42f8afb0b161631fd1d814d017f75f955475ad41"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/53b9e2659719b04f5ba7593f2af0f2335f75e94a"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.