In the Linux kernel, the following vulnerability has been resolved:
coresight: prevent deactivate active config while enabling the config
While enable active config via cscfgcsdevenableactiveconfig(), active config could be deactivated via configfs' sysfs interface. This could make UAF issue in below scenario:
CPU0 CPU1 (sysfs enable) load module cscfgloadconfigsets() activate config. // sysfs (sysactivecnt == 1) ... cscfgcsdevenableactiveconfig() lock(csdev->cscfgcsdevlock) // here load config activate by CPU1 unlock(csdev->cscfgcsdev_lock)
deactivate config // sysfs
(sys_activec_cnt == 0)
cscfg_unload_config_sets()
unload module
// access to configdesc which freed // while unloading module. cscfgcsdevenableconfig
To address this, use cscfgconfigdesc's activecnt as a reference count which will be holded when - activate the config. - enable the activated config. and put the module reference when configactive_cnt == 0.
[
{
"digest": {
"line_hashes": [
"316476034846781399736937438860039587452",
"68553778364996544839110167046587573750",
"209487959930871632668932124396350703647",
"237020189598855921643008279458258630390"
],
"threshold": 0.9
},
"id": "CVE-2025-38131-0633e4b4",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@ed42ee1ed05ff2f4c36938379057413a40c56680",
"signature_version": "v1",
"deprecated": false,
"target": {
"file": "drivers/hwtracing/coresight/coresight-config.h"
},
"signature_type": "Line"
},
{
"digest": {
"function_hash": "187560770562747831761051116561355693422",
"length": 837.0
},
"id": "CVE-2025-38131-07399f7d",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@31028812724cef7bd57a51525ce58a32a6d73b22",
"signature_version": "v1",
"deprecated": false,
"target": {
"function": "cscfg_csdev_enable_active_config",
"file": "drivers/hwtracing/coresight/coresight-syscfg.c"
},
"signature_type": "Function"
},
{
"digest": {
"line_hashes": [
"316476034846781399736937438860039587452",
"68553778364996544839110167046587573750",
"209487959930871632668932124396350703647",
"237020189598855921643008279458258630390"
],
"threshold": 0.9
},
"id": "CVE-2025-38131-0c4d9ed9",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@dfe8224c9c7a43d356eb9f74b06868aa05f90223",
"signature_version": "v1",
"deprecated": false,
"target": {
"file": "drivers/hwtracing/coresight/coresight-config.h"
},
"signature_type": "Line"
},
{
"digest": {
"function_hash": "187560770562747831761051116561355693422",
"length": 837.0
},
"id": "CVE-2025-38131-0d187058",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@408c97c4a5e0b634dcd15bf8b8808b382e888164",
"signature_version": "v1",
"deprecated": false,
"target": {
"function": "cscfg_csdev_enable_active_config",
"file": "drivers/hwtracing/coresight/coresight-syscfg.c"
},
"signature_type": "Function"
},
{
"digest": {
"function_hash": "39674022107374555976345252849690666417",
"length": 364.0
},
"id": "CVE-2025-38131-0d9e7fb0",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@dfe8224c9c7a43d356eb9f74b06868aa05f90223",
"signature_version": "v1",
"deprecated": false,
"target": {
"function": "cscfg_csdev_disable_active_config",
"file": "drivers/hwtracing/coresight/coresight-syscfg.c"
},
"signature_type": "Function"
},
{
"digest": {
"function_hash": "39674022107374555976345252849690666417",
"length": 364.0
},
"id": "CVE-2025-38131-0db5558f",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b3b4efa2e623aecaebd7c9b9e4171f5c659e9724",
"signature_version": "v1",
"deprecated": false,
"target": {
"function": "cscfg_csdev_disable_active_config",
"file": "drivers/hwtracing/coresight/coresight-syscfg.c"
},
"signature_type": "Function"
},
{
"digest": {
"function_hash": "38497805767246997246322908121267366163",
"length": 390.0
},
"id": "CVE-2025-38131-167f5bab",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@ed42ee1ed05ff2f4c36938379057413a40c56680",
"signature_version": "v1",
"deprecated": false,
"target": {
"function": "_cscfg_deactivate_config",
"file": "drivers/hwtracing/coresight/coresight-syscfg.c"
},
"signature_type": "Function"
},
{
"digest": {
"line_hashes": [
"122460723741512935396860000088121984187",
"242703852194094434558206579799487022346",
"207597521816896634251311017779329016335",
"331501006786129810824147732901044994043",
"187151814068591935353220354857111913615",
"192052871775886940532625694865334252990",
"49183775241149309708749695884665046862",
"211793617259869541900212014405371786213",
"119261465309726005751759620975391697967",
"106988547648226856548736860591745660806",
"114612908618436421288196747388694875427",
"143896978121567577899826933230887095502",
"20761988602118218471290155401224915258",
"257871705258413407772386388318440381741",
"80001861895377020250774630000466919759",
"305497256210177882857147773744517544160",
"172200196280140772576740963240355505636",
"225174162581437426320423221536646424157",
"116171918044991072021814436530558522060",
"247774543964893894282994628561630520113",
"324299095715089003023513675645831521052",
"168678752024814808131230801785056227164",
"99021517896148891938661054822511744261",
"148810113775385817186892995798705664494",
"121498915418055032350112645621348173985",
"228931123408256740023021171823246907666",
"187921306720487681350420624490523395654",
"39382224367987043778884804621394080900",
"248967754123836633726397231799536679452",
"335262093353938068893257561734285562251",
"94449482927620497898628675603448374784",
"232718013616240906548311625670396922842",
"170505347438234322739676469250377284825",
"97777366570322889617092870449487086616",
"327258777493398846259942388592484388497",
"162192977443421615575343254311796625953"
],
"threshold": 0.9
},
"id": "CVE-2025-38131-22e1c190",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@408c97c4a5e0b634dcd15bf8b8808b382e888164",
"signature_version": "v1",
"deprecated": false,
"target": {
"file": "drivers/hwtracing/coresight/coresight-syscfg.c"
},
"signature_type": "Line"
},
{
"digest": {
"line_hashes": [
"316476034846781399736937438860039587452",
"68553778364996544839110167046587573750",
"209487959930871632668932124396350703647",
"237020189598855921643008279458258630390"
],
"threshold": 0.9
},
"id": "CVE-2025-38131-2bf86a86",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@408c97c4a5e0b634dcd15bf8b8808b382e888164",
"signature_version": "v1",
"deprecated": false,
"target": {
"file": "drivers/hwtracing/coresight/coresight-config.h"
},
"signature_type": "Line"
},
{
"digest": {
"line_hashes": [
"316476034846781399736937438860039587452",
"68553778364996544839110167046587573750",
"209487959930871632668932124396350703647",
"237020189598855921643008279458258630390"
],
"threshold": 0.9
},
"id": "CVE-2025-38131-2d4f671b",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@31028812724cef7bd57a51525ce58a32a6d73b22",
"signature_version": "v1",
"deprecated": false,
"target": {
"file": "drivers/hwtracing/coresight/coresight-config.h"
},
"signature_type": "Line"
},
{
"digest": {
"line_hashes": [
"122460723741512935396860000088121984187",
"242703852194094434558206579799487022346",
"207597521816896634251311017779329016335",
"331501006786129810824147732901044994043",
"187151814068591935353220354857111913615",
"192052871775886940532625694865334252990",
"49183775241149309708749695884665046862",
"211793617259869541900212014405371786213",
"119261465309726005751759620975391697967",
"106988547648226856548736860591745660806",
"114612908618436421288196747388694875427",
"143896978121567577899826933230887095502",
"20761988602118218471290155401224915258",
"257871705258413407772386388318440381741",
"80001861895377020250774630000466919759",
"305497256210177882857147773744517544160",
"172200196280140772576740963240355505636",
"225174162581437426320423221536646424157",
"116171918044991072021814436530558522060",
"247774543964893894282994628561630520113",
"324299095715089003023513675645831521052",
"168678752024814808131230801785056227164",
"99021517896148891938661054822511744261",
"148810113775385817186892995798705664494",
"121498915418055032350112645621348173985",
"228931123408256740023021171823246907666",
"187921306720487681350420624490523395654",
"39382224367987043778884804621394080900",
"248967754123836633726397231799536679452",
"335262093353938068893257561734285562251",
"94449482927620497898628675603448374784",
"232718013616240906548311625670396922842",
"170505347438234322739676469250377284825",
"97777366570322889617092870449487086616",
"327258777493398846259942388592484388497",
"162192977443421615575343254311796625953"
],
"threshold": 0.9
},
"id": "CVE-2025-38131-2df48422",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@ed42ee1ed05ff2f4c36938379057413a40c56680",
"signature_version": "v1",
"deprecated": false,
"target": {
"file": "drivers/hwtracing/coresight/coresight-syscfg.c"
},
"signature_type": "Line"
},
{
"digest": {
"function_hash": "39674022107374555976345252849690666417",
"length": 364.0
},
"id": "CVE-2025-38131-2f616f81",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@ed42ee1ed05ff2f4c36938379057413a40c56680",
"signature_version": "v1",
"deprecated": false,
"target": {
"function": "cscfg_csdev_disable_active_config",
"file": "drivers/hwtracing/coresight/coresight-syscfg.c"
},
"signature_type": "Function"
},
{
"digest": {
"function_hash": "38497805767246997246322908121267366163",
"length": 390.0
},
"id": "CVE-2025-38131-37bef722",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b3b4efa2e623aecaebd7c9b9e4171f5c659e9724",
"signature_version": "v1",
"deprecated": false,
"target": {
"function": "_cscfg_deactivate_config",
"file": "drivers/hwtracing/coresight/coresight-syscfg.c"
},
"signature_type": "Function"
},
{
"digest": {
"function_hash": "187560770562747831761051116561355693422",
"length": 837.0
},
"id": "CVE-2025-38131-4142e845",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@ed42ee1ed05ff2f4c36938379057413a40c56680",
"signature_version": "v1",
"deprecated": false,
"target": {
"function": "cscfg_csdev_enable_active_config",
"file": "drivers/hwtracing/coresight/coresight-syscfg.c"
},
"signature_type": "Function"
},
{
"digest": {
"function_hash": "38497805767246997246322908121267366163",
"length": 390.0
},
"id": "CVE-2025-38131-4681fe1c",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@408c97c4a5e0b634dcd15bf8b8808b382e888164",
"signature_version": "v1",
"deprecated": false,
"target": {
"function": "_cscfg_deactivate_config",
"file": "drivers/hwtracing/coresight/coresight-syscfg.c"
},
"signature_type": "Function"
},
{
"digest": {
"function_hash": "85089114440178806075914880097906260989",
"length": 573.0
},
"id": "CVE-2025-38131-4de6d5d9",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@408c97c4a5e0b634dcd15bf8b8808b382e888164",
"signature_version": "v1",
"deprecated": false,
"target": {
"function": "_cscfg_activate_config",
"file": "drivers/hwtracing/coresight/coresight-syscfg.c"
},
"signature_type": "Function"
},
{
"digest": {
"function_hash": "187560770562747831761051116561355693422",
"length": 837.0
},
"id": "CVE-2025-38131-5763b9ab",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@dfe8224c9c7a43d356eb9f74b06868aa05f90223",
"signature_version": "v1",
"deprecated": false,
"target": {
"function": "cscfg_csdev_enable_active_config",
"file": "drivers/hwtracing/coresight/coresight-syscfg.c"
},
"signature_type": "Function"
},
{
"digest": {
"line_hashes": [
"316476034846781399736937438860039587452",
"68553778364996544839110167046587573750",
"209487959930871632668932124396350703647",
"237020189598855921643008279458258630390"
],
"threshold": 0.9
},
"id": "CVE-2025-38131-5e31a96b",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b3b4efa2e623aecaebd7c9b9e4171f5c659e9724",
"signature_version": "v1",
"deprecated": false,
"target": {
"file": "drivers/hwtracing/coresight/coresight-config.h"
},
"signature_type": "Line"
},
{
"digest": {
"function_hash": "38497805767246997246322908121267366163",
"length": 390.0
},
"id": "CVE-2025-38131-675dc483",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@dfe8224c9c7a43d356eb9f74b06868aa05f90223",
"signature_version": "v1",
"deprecated": false,
"target": {
"function": "_cscfg_deactivate_config",
"file": "drivers/hwtracing/coresight/coresight-syscfg.c"
},
"signature_type": "Function"
},
{
"digest": {
"line_hashes": [
"195079667598487567136122105884067846297",
"242703852194094434558206579799487022346",
"207597521816896634251311017779329016335",
"331501006786129810824147732901044994043",
"187151814068591935353220354857111913615",
"192052871775886940532625694865334252990",
"49183775241149309708749695884665046862",
"211793617259869541900212014405371786213",
"119261465309726005751759620975391697967",
"106988547648226856548736860591745660806",
"114612908618436421288196747388694875427",
"143896978121567577899826933230887095502",
"20761988602118218471290155401224915258",
"257871705258413407772386388318440381741",
"80001861895377020250774630000466919759",
"305497256210177882857147773744517544160",
"172200196280140772576740963240355505636",
"225174162581437426320423221536646424157",
"116171918044991072021814436530558522060",
"247774543964893894282994628561630520113",
"324299095715089003023513675645831521052",
"59711414724190113055733466142781046512",
"99021517896148891938661054822511744261",
"148810113775385817186892995798705664494",
"121498915418055032350112645621348173985",
"228931123408256740023021171823246907666",
"126613385729963615533230330857747873859",
"234833272034926860801752296566602035826",
"3351683677238717956301823750558494969",
"335262093353938068893257561734285562251",
"94449482927620497898628675603448374784",
"284182529869926863228143025853611135304",
"100967501678393665544262232167997848641",
"167028018164861889196366164976425879454",
"327258777493398846259942388592484388497",
"162192977443421615575343254311796625953"
],
"threshold": 0.9
},
"id": "CVE-2025-38131-80de32ad",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@31028812724cef7bd57a51525ce58a32a6d73b22",
"signature_version": "v1",
"deprecated": false,
"target": {
"file": "drivers/hwtracing/coresight/coresight-syscfg.c"
},
"signature_type": "Line"
},
{
"digest": {
"function_hash": "39674022107374555976345252849690666417",
"length": 364.0
},
"id": "CVE-2025-38131-8b4b1e69",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@31028812724cef7bd57a51525ce58a32a6d73b22",
"signature_version": "v1",
"deprecated": false,
"target": {
"function": "cscfg_csdev_disable_active_config",
"file": "drivers/hwtracing/coresight/coresight-syscfg.c"
},
"signature_type": "Function"
},
{
"digest": {
"function_hash": "85089114440178806075914880097906260989",
"length": 573.0
},
"id": "CVE-2025-38131-8fa3951b",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b3b4efa2e623aecaebd7c9b9e4171f5c659e9724",
"signature_version": "v1",
"deprecated": false,
"target": {
"function": "_cscfg_activate_config",
"file": "drivers/hwtracing/coresight/coresight-syscfg.c"
},
"signature_type": "Function"
},
{
"digest": {
"function_hash": "85089114440178806075914880097906260989",
"length": 573.0
},
"id": "CVE-2025-38131-9a3095af",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@ed42ee1ed05ff2f4c36938379057413a40c56680",
"signature_version": "v1",
"deprecated": false,
"target": {
"function": "_cscfg_activate_config",
"file": "drivers/hwtracing/coresight/coresight-syscfg.c"
},
"signature_type": "Function"
},
{
"digest": {
"line_hashes": [
"195079667598487567136122105884067846297",
"242703852194094434558206579799487022346",
"207597521816896634251311017779329016335",
"331501006786129810824147732901044994043",
"187151814068591935353220354857111913615",
"192052871775886940532625694865334252990",
"49183775241149309708749695884665046862",
"211793617259869541900212014405371786213",
"119261465309726005751759620975391697967",
"106988547648226856548736860591745660806",
"114612908618436421288196747388694875427",
"143896978121567577899826933230887095502",
"20761988602118218471290155401224915258",
"257871705258413407772386388318440381741",
"80001861895377020250774630000466919759",
"305497256210177882857147773744517544160",
"172200196280140772576740963240355505636",
"225174162581437426320423221536646424157",
"116171918044991072021814436530558522060",
"247774543964893894282994628561630520113",
"324299095715089003023513675645831521052",
"59711414724190113055733466142781046512",
"99021517896148891938661054822511744261",
"148810113775385817186892995798705664494",
"121498915418055032350112645621348173985",
"228931123408256740023021171823246907666",
"126613385729963615533230330857747873859",
"234833272034926860801752296566602035826",
"3351683677238717956301823750558494969",
"335262093353938068893257561734285562251",
"94449482927620497898628675603448374784",
"284182529869926863228143025853611135304",
"100967501678393665544262232167997848641",
"167028018164861889196366164976425879454",
"327258777493398846259942388592484388497",
"162192977443421615575343254311796625953"
],
"threshold": 0.9
},
"id": "CVE-2025-38131-acce10ca",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b3b4efa2e623aecaebd7c9b9e4171f5c659e9724",
"signature_version": "v1",
"deprecated": false,
"target": {
"file": "drivers/hwtracing/coresight/coresight-syscfg.c"
},
"signature_type": "Line"
},
{
"digest": {
"function_hash": "38497805767246997246322908121267366163",
"length": 390.0
},
"id": "CVE-2025-38131-af25cf4b",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@31028812724cef7bd57a51525ce58a32a6d73b22",
"signature_version": "v1",
"deprecated": false,
"target": {
"function": "_cscfg_deactivate_config",
"file": "drivers/hwtracing/coresight/coresight-syscfg.c"
},
"signature_type": "Function"
},
{
"digest": {
"function_hash": "187560770562747831761051116561355693422",
"length": 837.0
},
"id": "CVE-2025-38131-bf739123",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b3b4efa2e623aecaebd7c9b9e4171f5c659e9724",
"signature_version": "v1",
"deprecated": false,
"target": {
"function": "cscfg_csdev_enable_active_config",
"file": "drivers/hwtracing/coresight/coresight-syscfg.c"
},
"signature_type": "Function"
},
{
"digest": {
"function_hash": "85089114440178806075914880097906260989",
"length": 573.0
},
"id": "CVE-2025-38131-d21509d3",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@dfe8224c9c7a43d356eb9f74b06868aa05f90223",
"signature_version": "v1",
"deprecated": false,
"target": {
"function": "_cscfg_activate_config",
"file": "drivers/hwtracing/coresight/coresight-syscfg.c"
},
"signature_type": "Function"
},
{
"digest": {
"function_hash": "85089114440178806075914880097906260989",
"length": 573.0
},
"id": "CVE-2025-38131-d2417d95",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@31028812724cef7bd57a51525ce58a32a6d73b22",
"signature_version": "v1",
"deprecated": false,
"target": {
"function": "_cscfg_activate_config",
"file": "drivers/hwtracing/coresight/coresight-syscfg.c"
},
"signature_type": "Function"
},
{
"digest": {
"line_hashes": [
"195079667598487567136122105884067846297",
"242703852194094434558206579799487022346",
"207597521816896634251311017779329016335",
"331501006786129810824147732901044994043",
"187151814068591935353220354857111913615",
"192052871775886940532625694865334252990",
"49183775241149309708749695884665046862",
"211793617259869541900212014405371786213",
"119261465309726005751759620975391697967",
"106988547648226856548736860591745660806",
"114612908618436421288196747388694875427",
"143896978121567577899826933230887095502",
"20761988602118218471290155401224915258",
"257871705258413407772386388318440381741",
"80001861895377020250774630000466919759",
"305497256210177882857147773744517544160",
"172200196280140772576740963240355505636",
"225174162581437426320423221536646424157",
"116171918044991072021814436530558522060",
"247774543964893894282994628561630520113",
"324299095715089003023513675645831521052",
"59711414724190113055733466142781046512",
"99021517896148891938661054822511744261",
"148810113775385817186892995798705664494",
"121498915418055032350112645621348173985",
"228931123408256740023021171823246907666",
"126613385729963615533230330857747873859",
"234833272034926860801752296566602035826",
"3351683677238717956301823750558494969",
"335262093353938068893257561734285562251",
"94449482927620497898628675603448374784",
"284182529869926863228143025853611135304",
"100967501678393665544262232167997848641",
"167028018164861889196366164976425879454",
"327258777493398846259942388592484388497",
"162192977443421615575343254311796625953"
],
"threshold": 0.9
},
"id": "CVE-2025-38131-da41538b",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@dfe8224c9c7a43d356eb9f74b06868aa05f90223",
"signature_version": "v1",
"deprecated": false,
"target": {
"file": "drivers/hwtracing/coresight/coresight-syscfg.c"
},
"signature_type": "Line"
},
{
"digest": {
"function_hash": "39674022107374555976345252849690666417",
"length": 364.0
},
"id": "CVE-2025-38131-e10f8e0b",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@408c97c4a5e0b634dcd15bf8b8808b382e888164",
"signature_version": "v1",
"deprecated": false,
"target": {
"function": "cscfg_csdev_disable_active_config",
"file": "drivers/hwtracing/coresight/coresight-syscfg.c"
},
"signature_type": "Function"
}
]