CVE-2025-38132

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-38132

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38132.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2025-38132

Downstream

BELL-CVE-2025-38132

DEBIAN-CVE-2025-38132

ECHO-fcff-b068-648b

SUSE-SU-2025:02853-1

SUSE-SU-2025:02923-1

SUSE-SU-2025:02969-1

SUSE-SU-2025:03023-1

UBUNTU-CVE-2025-38132

USN-7769-1

USN-7769-2

USN-7769-3

USN-7770-1

Related

Published

2025-07-03T09:15:27Z

Modified

2025-08-30T18:01:35Z

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved:

coresight: holding cscfgcsdevlock while removing cscfg from csdev

There'll be possible race scenario for coresight config:

CPU0 CPU1 (perf enable) load module cscfgloadconfigsets() activate config. // sysfs (sysactivecnt == 1) ... cscfgcsdevenableactiveconfig() lock(csdev->cscfgcsdevlock) deactivate config // sysfs (sysactiveccnt == 0) cscfgunloadconfigsets() <iterating configcsdevlist> cscfgremoveownedcsdevconfigs() // here load config activate by CPU1 unlock(csdev->cscfgcsdevlock)

iterating configcsdevlist could be raced with configcsdevlist's entry delete.

To resolve this race , hold csdev->cscfgcsdevlock() while cscfgremoveownedcsdevconfigs()

References

Affected packages