CVE-2025-38717
- Source
- https://cve.org/CVERecord?id=CVE-2025-38717
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38717.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-38717
- Downstream
- Related
- Published
- 2025-09-04T15:33:11.686Z
- Modified
- 2026-05-15T11:54:50.177134089Z
- Summary
- net: kcm: Fix race condition in kcm_unattach()
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
net: kcm: Fix race condition in kcm_unattach()
syzbot found a race condition when kcmunattach(psock) and kcmrelease(kcm) are executed at the same time.
kcmunattach() is missing a check of the flag kcm->txstopped before calling queue_work().
If the kcm has a reserved psock, kcmunattach() might get executed between cancelworksync() and unreservepsock() in kcmrelease(), requeuing kcm->txwork right before kcm gets freed in kcm_done().
Remove kcm->txstopped and replace it by the less error-prone disablework_sync().
- Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38717.json", "cna_assigner": "Linux" }- References
-
- https://git.kernel.org/stable/c/52565a935213cd6a8662ddb8efe5b4219343a25d
- https://git.kernel.org/stable/c/7275dc3bb8f91b23125ff3f47b6529935cf46152
- https://git.kernel.org/stable/c/798733ee5d5788b12e8a52db1519abc17e826f69
- https://git.kernel.org/stable/c/c0bffbc92a1ca3960fb9cdb8e9f75a68468eb308
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38717.json
- https://nvd.nist.gov/vuln/detail/CVE-2025-38717
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git