CVE-2025-38132
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
coresight: holding cscfg_csdev_lock while removing cscfg from csdev
There'll be possible race scenario for coresight config:
CPU0 CPU1 (perf enable) load module cscfg_load_config_sets() activate config. // sysfs (sys_active_cnt == 1) … cscfg_csdev_enable_active_config() lock(csdev->cscfg_csdev_lock) deactivate config // sysfs (sys_activec_cnt == 0) cscfg_unload_config_sets() <iterating config_csdev_list> cscfg_remove_owned_csdev_configs() // here load config activate by CPU1 unlock(csdev->cscfg_csdev_lock)
iterating config_csdev_list could be raced with config_csdev_list's entry delete.
To resolve this race , hold csdev->cscfg_csdev_lock() while cscfg_remove_owned_csdev_configs()
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 02bd588e12df405bdf55244708151b7f238b79ba < 42f8afb0b161631fd1d814d017f75f955475ad41 | affected |
| Linux | Linux | 02bd588e12df405bdf55244708151b7f238b79ba < 53b9e2659719b04f5ba7593f2af0f2335f75e94a | affected |
| Linux | Linux | 5.17 | affected |
| Linux | Linux | 0 < 5.17 | unaffected |
| Linux | Linux | 6.15.3 <= 6.15.* | unaffected |
| Linux | Linux | 6.16 <= * | unaffected |
Weaknesses
References
- https://git.kernel.org/stable/c/42f8afb0b161631fd1d814d017f75f955475ad41
- https://git.kernel.org/stable/c/53b9e2659719b04f5ba7593f2af0f2335f75e94a
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.