CVE-2025-38132
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-07-03

Last updated on: 2025-11-20

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: coresight: holding cscfg_csdev_lock while removing cscfg from csdev There'll be possible race scenario for coresight config: CPU0 CPU1 (perf enable) load module cscfg_load_config_sets() activate config. // sysfs (sys_active_cnt == 1) ... cscfg_csdev_enable_active_config() lock(csdev->cscfg_csdev_lock) deactivate config // sysfs (sys_activec_cnt == 0) cscfg_unload_config_sets() <iterating config_csdev_list> cscfg_remove_owned_csdev_configs() // here load config activate by CPU1 unlock(csdev->cscfg_csdev_lock) iterating config_csdev_list could be raced with config_csdev_list's entry delete. To resolve this race , hold csdev->cscfg_csdev_lock() while cscfg_remove_owned_csdev_configs()
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-07-03
Last Modified
2025-11-20
Generated
2026-05-07
AI Q&A
2025-07-03
EPSS Evaluated
2026-05-05
NVD
CVE-2025-38132
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel From 5.15.160 (inc) to 5.16 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-NVD-CWE-noinfo
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is a race condition in the Linux kernel's coresight configuration management. It occurs because the lock (cscfg_csdev_lock) is not held while removing configuration entries from the config_csdev_list, which can lead to concurrent modification issues when multiple CPUs are enabling, loading, activating, deactivating, or unloading coresight configurations simultaneously. The fix involves holding the lock during the removal of owned coresight device configurations to prevent this race.


How can this vulnerability impact me? :

The race condition could lead to inconsistent or corrupted coresight configuration states, potentially causing system instability or unexpected behavior in performance monitoring or debugging features that rely on coresight. This could affect system reliability or security depending on how coresight is used.


What immediate steps should I take to mitigate this vulnerability?

Apply the patch or update to the Linux kernel version that includes the fix for this vulnerability, which ensures that the csdev->cscfg_csdev_lock is held while removing cscfg from csdev to prevent the race condition.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart