CVE-2025-38210

Source
https://nvd.nist.gov/vuln/detail/CVE-2025-38210
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38210.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-38210
Published
2025-07-04T13:37:29Z
Modified
2025-10-18T02:59:24.314643Z
Summary
configfs-tsm-report: Fix NULL dereference of tsm_ops
Details

In the Linux kernel, the following vulnerability has been resolved:

configfs-tsm-report: Fix NULL dereference of tsm_ops

Unlike sysfs, the lifetime of configfs objects is controlled by userspace. There is no mechanism for the kernel to find and delete all created config-items. Instead, the configfs-tsm-report mechanism has an expectation that tsm_unregister() can happen at any time and cause established config-item access to start failing.

That expectation is not fully satisfied. While tsm_report_read(), tsm_report_{is,is_bin}_visible(), and tsm_report_make_item() safely fail if tsm_ops have been unregistered, tsm_report_privlevel_store() and tsm_report_provider_show() fail to check for ops registration. Add the missing checks for tsm_ops having been removed.

Now, in supporting the ability for tsm_unregister() to always succeed, it leaves the problem of what to do with lingering config-items. The expectation is that the admin that arranges for the ->remove() (unbind) of the ${tsm_arch}-guest driver is also responsible for deletion of all open config-items. Until that deletion happens, ->probe() (reload / bind) of the ${tsm_arch}-guest driver fails.

This allows for emergency shutdown / revocation of attestation interfaces, and requires coordinated restart.

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
70e6f7e2b98575621019aa40ac616be58ff984e0
Fixed
015f04ac884a454d4d8aaa7b67758f047742b1cf
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
70e6f7e2b98575621019aa40ac616be58ff984e0
Fixed
cefbafcbdef011d6ef9414902311afdfba3c33eb
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
70e6f7e2b98575621019aa40ac616be58ff984e0
Fixed
fba4ceaa242d2bdf4c04b77bda41d32d02d3925d

Affected versions

v6.*

v6.10
v6.10-rc1
v6.10-rc2
v6.10-rc3
v6.10-rc4
v6.10-rc5
v6.10-rc6
v6.10-rc7
v6.11
v6.11-rc1
v6.11-rc2
v6.11-rc3
v6.11-rc4
v6.11-rc5
v6.11-rc6
v6.11-rc7
v6.12
v6.12-rc1
v6.12-rc2
v6.12-rc3
v6.12-rc4
v6.12-rc5
v6.12-rc6
v6.12-rc7
v6.12.1
v6.12.10
v6.12.11
v6.12.12
v6.12.13
v6.12.14
v6.12.15
v6.12.16
v6.12.17
v6.12.18
v6.12.19
v6.12.2
v6.12.20
v6.12.21
v6.12.22
v6.12.23
v6.12.24
v6.12.25
v6.12.26
v6.12.27
v6.12.28
v6.12.29
v6.12.3
v6.12.30
v6.12.31
v6.12.32
v6.12.33
v6.12.34
v6.12.4
v6.12.5
v6.12.6
v6.12.7
v6.12.8
v6.12.9
v6.13
v6.13-rc1
v6.13-rc2
v6.13-rc3
v6.13-rc4
v6.13-rc5
v6.13-rc6
v6.13-rc7
v6.14
v6.14-rc1
v6.14-rc2
v6.14-rc3
v6.14-rc4
v6.14-rc5
v6.14-rc6
v6.14-rc7
v6.15
v6.15-rc1
v6.15-rc2
v6.15-rc3
v6.15-rc4
v6.15-rc5
v6.15-rc6
v6.15-rc7
v6.15.1
v6.15.2
v6.15.3
v6.6
v6.6-rc4
v6.6-rc5
v6.6-rc6
v6.6-rc7
v6.7
v6.7-rc1
v6.7-rc2
v6.7-rc3
v6.7-rc4
v6.7-rc5
v6.7-rc6
v6.7-rc7
v6.7-rc8
v6.8
v6.8-rc1
v6.8-rc2
v6.8-rc3
v6.8-rc4
v6.8-rc5
v6.8-rc6
v6.8-rc7
v6.9
v6.9-rc1
v6.9-rc2
v6.9-rc3
v6.9-rc4
v6.9-rc5
v6.9-rc6
v6.9-rc7

Database specific

vanir_signatures


Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.35
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.15.4