CVE-2025-38653

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2025-38653
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38653.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-38653
Downstream
Related
Published
2025-08-22T16:00:57.413Z
Modified
2025-11-28T02:34:14.340024Z
Summary
proc: use the same treatment to check proc_lseek as ones for proc_read_iter et.al
Details

In the Linux kernel, the following vulnerability has been resolved:

proc: use the same treatment to check proclseek as ones for procread_iter et.al

Check pde->procops->proclseek directly may cause UAF in rmmod scenario. It's a gap in procregopen() after commit 654b33ada4ab("proc: fix UAF in procgetinode()"). Followed by AI Viro's suggestion, fix it in same manner.

Database specific 
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38653.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
3f61631d47f115b83c935d0039f95cb68b0c8ab7
Fixed
c35b0feb80b48720dfbbf4e33759c7be3faaebb6
Fixed
33c778ea0bd0fa62ff590497e72562ff90f82b13
Fixed
fc1072d934f687e1221d685cf1a49a5068318f34
Fixed
d136502e04d8853a9aecb335d07bbefd7a1519a8
Fixed
1fccbfbae1dd36198dc47feac696563244ad81d3
Fixed
ff7ec8dc1b646296f8d94c39339e8d3833d16c05

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.0.0
Fixed
6.1.148
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.102
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.42
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.15.10
Type
ECOSYSTEM
Events
Introduced
6.16.0
Fixed
6.16.1