CVE-2025-38003

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-38003

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38003.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2025-38003

Downstream

BELL-CVE-2025-38003

DEBIAN-CVE-2025-38003

DSA-5973-1

ECHO-eae6-e1d7-111d

OESA-2025-2120

OESA-2025-2121

OESA-2025-2122

SUSE-SU-2025:02249-1

SUSE-SU-2025:02538-1

SUSE-SU-2025:02923-1

UBUNTU-CVE-2025-38003

USN-7704-1

USN-7704-2

USN-7704-3

USN-7704-4

USN-7704-5

USN-7711-1

USN-7712-1

USN-7712-2

USN-7769-1

USN-7769-2

USN-7770-1

Related

Published

2025-06-08T11:15:20Z

Modified

2025-08-12T21:01:39Z

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved:

can: bcm: add missing rcu read protection for procfs content

When the procfs content is generated for a bcm_op which is in the process to be removed the procfs output might show unreliable data (UAF).

As the removal of bcmop's is already implemented with rcu handling this patch adds the missing rcuread_lock() and makes sure the list entries are properly removed under rcu protection.

References

Affected packages