CVE-2025-38003

Source
https://nvd.nist.gov/vuln/detail/CVE-2025-38003
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38003.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-38003
Downstream
Related
Published
2025-06-08T11:15:20Z
Modified
2025-08-12T21:01:39Z
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

can: bcm: add missing rcu read protection for procfs content

When the procfs content is generated for a bcm_op which is in the process to be removed the procfs output might show unreliable data (UAF).

As the removal of bcmop's is already implemented with rcu handling this patch adds the missing rcuread_lock() and makes sure the list entries are properly removed under rcu protection.

References

Affected packages