CVE-2025-38262
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-07-09

Last updated on: 2025-12-18

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: tty: serial: uartlite: register uart driver in init When two instances of uart devices are probing, a concurrency race can occur. If one thread calls uart_register_driver function, which first allocates and assigns memory to 'uart_state' member of uart_driver structure, the other instance can bypass uart driver registration and call ulite_assign. This calls uart_add_one_port, which expects the uart driver to be fully initialized. This leads to a kernel panic due to a null pointer dereference: [ 8.143581] BUG: kernel NULL pointer dereference, address: 00000000000002b8 [ 8.156982] #PF: supervisor write access in kernel mode [ 8.156984] #PF: error_code(0x0002) - not-present page [ 8.156986] PGD 0 P4D 0 ... [ 8.180668] RIP: 0010:mutex_lock+0x19/0x30 [ 8.188624] Call Trace: [ 8.188629] ? __die_body.cold+0x1a/0x1f [ 8.195260] ? page_fault_oops+0x15c/0x290 [ 8.209183] ? __irq_resolve_mapping+0x47/0x80 [ 8.209187] ? exc_page_fault+0x64/0x140 [ 8.209190] ? asm_exc_page_fault+0x22/0x30 [ 8.209196] ? mutex_lock+0x19/0x30 [ 8.223116] uart_add_one_port+0x60/0x440 [ 8.223122] ? proc_tty_register_driver+0x43/0x50 [ 8.223126] ? tty_register_driver+0x1ca/0x1e0 [ 8.246250] ulite_probe+0x357/0x4b0 [uartlite] To prevent it, move uart driver registration in to init function. This will ensure that uart_driver is always registered when probe function is called.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-07-09
Last Modified
2025-12-18
Generated
2026-05-27
AI Q&A
2025-07-09
EPSS Evaluated
2026-05-25
NVD
CVE-2025-38262
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
linux linux_kernel From 6.7 (inc) to 6.12.36 (inc)
debian debian_linux 11.0
linux kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-476 The product dereferences a pointer that it expects to be valid but is NULL.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability occurs in the Linux kernel's uartlite serial driver when two uart device instances probe concurrently. A race condition happens where one thread begins registering the uart driver and allocates memory, but the other thread bypasses the registration and calls functions expecting the driver to be fully initialized. This leads to a null pointer dereference and causes a kernel panic.


How can this vulnerability impact me? :

The vulnerability can cause a kernel panic due to a null pointer dereference, which can crash the system or cause instability when multiple uart devices are probed simultaneously.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by monitoring the system logs for kernel panic messages related to uartlite driver issues, specifically null pointer dereferences during uart driver registration. You can check the kernel log for messages similar to: 'BUG: kernel NULL pointer dereference' and call traces involving uart_add_one_port or ulite_probe. Use the command: dmesg | grep -i 'uartlite\|BUG\|null pointer' to identify such issues.


What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, ensure that the uart driver registration is moved into the init function so that the uart_driver is always registered before the probe function is called. This prevents the concurrency race condition that leads to kernel panic. Applying the relevant kernel patch or updating to a kernel version where this fix is included is recommended.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart