CVE-2025-38003
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-38003
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38003.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-38003
- Downstream
- Related
- Published
- 2025-06-08T10:34:55.808Z
- Modified
- 2025-11-28T02:34:58.708739Z
- Summary
- can: bcm: add missing rcu read protection for procfs content
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
can: bcm: add missing rcu read protection for procfs content
When the procfs content is generated for a bcm_op which is in the process to be removed the procfs output might show unreliable data (UAF).
As the removal of bcmop's is already implemented with rcu handling this patch adds the missing rcuread_lock() and makes sure the list entries are properly removed under rcu protection.
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38003.json" }- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/0622846db728a5332b917c797c733e202c4620ae
- https://git.kernel.org/stable/c/19f553a1ddf260da6570ed8f8d91a8c87f49b63a
- https://git.kernel.org/stable/c/1f912f8484e9c4396378c39460bbea0af681f319
- https://git.kernel.org/stable/c/63567ecd99a24495208dc860d50fb17440043006
- https://git.kernel.org/stable/c/659701c0b954ccdb4a916a4ad59bbc16e726d42c
- https://git.kernel.org/stable/c/6d7d458c41b98a5c1670cbd36f2923c37de51cf5
- https://git.kernel.org/stable/c/7c9db92d5f0eadca30884af75c53d601edc512ee
- https://git.kernel.org/stable/c/dac5e6249159ac255dad9781793dbe5908ac9ddb
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38003.json
- https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
- https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
- https://nvd.nist.gov/vuln/detail/CVE-2025-38003
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced5b48f5711f1c630841ab78dcc061de902f0e37bfFixed19f553a1ddf260da6570ed8f8d91a8c87f49b63a
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced85cd41070df992d3c0dfd828866fdd243d3b774aFixed659701c0b954ccdb4a916a4ad59bbc16e726d42c
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedf34f2a18e47b73e48f90a757e1f4aaa8c7d665a1Fixed0622846db728a5332b917c797c733e202c4620ae
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedf1b4e32aca0811aa011c76e5d6cf2fa19224b386Fixed6d7d458c41b98a5c1670cbd36f2923c37de51cf5Fixed1f912f8484e9c4396378c39460bbea0af681f319Fixed63567ecd99a24495208dc860d50fb17440043006Fixed7c9db92d5f0eadca30884af75c53d601edc512eeFixeddac5e6249159ac255dad9781793dbe5908ac9ddb
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affectedfbac09a3b8890003c0c55294c00709f3ae5501bbLast affectededb4baffb9483141a50fb7f7146cfe4a4c0c2db8
Linux / Kernel
Package
- Name
- Kernel
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed5.4.294
- Type
- ECOSYSTEM
- Events
-
Introduced5.5.0Fixed5.10.238
- Type
- ECOSYSTEM
- Events
-
Introduced5.11.0Fixed5.15.185
- Type
- ECOSYSTEM
- Events
-
Introduced5.16.0Fixed6.1.141
- Type
- ECOSYSTEM
- Events
-
Introduced5.19.0Fixed6.6.93
- Type
- ECOSYSTEM
- Events
-
Introduced6.2.0Fixed6.12.31
- Type
- ECOSYSTEM
- Events
-
Introduced6.7.0Fixed6.14.9