{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-38132","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-04-16T04:51:23.987Z","datePublished":"2025-07-03T08:35:35.695Z","dateUpdated":"2026-05-11T21:21:52.827Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T21:21:52.827Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ncoresight: holding cscfg_csdev_lock while removing cscfg from csdev\n\nThere'll be possible race scenario for coresight config:\n\nCPU0                                          CPU1\n(perf enable)                                 load module\n                                              cscfg_load_config_sets()\n                                              activate config. // sysfs\n                                              (sys_active_cnt == 1)\n...\ncscfg_csdev_enable_active_config()\n  lock(csdev->cscfg_csdev_lock)\n                                              deactivate config // sysfs\n                                              (sys_activec_cnt == 0)\n                                              cscfg_unload_config_sets()\n  <iterating config_csdev_list>               cscfg_remove_owned_csdev_configs()\n  // here load config activate by CPU1\n  unlock(csdev->cscfg_csdev_lock)\n\niterating config_csdev_list could be raced with config_csdev_list's\nentry delete.\n\nTo resolve this race , hold csdev->cscfg_csdev_lock() while\ncscfg_remove_owned_csdev_configs()"}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/hwtracing/coresight/coresight-syscfg.c"],"versions":[{"version":"02bd588e12df405bdf55244708151b7f238b79ba","lessThan":"42f8afb0b161631fd1d814d017f75f955475ad41","status":"affected","versionType":"git"},{"version":"02bd588e12df405bdf55244708151b7f238b79ba","lessThan":"53b9e2659719b04f5ba7593f2af0f2335f75e94a","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/hwtracing/coresight/coresight-syscfg.c"],"versions":[{"version":"5.17","status":"affected"},{"version":"0","lessThan":"5.17","status":"unaffected","versionType":"semver"},{"version":"6.15.3","lessThanOrEqual":"6.15.*","status":"unaffected","versionType":"semver"},{"version":"6.16","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.17","versionEndExcluding":"6.15.3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.17","versionEndExcluding":"6.16"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/42f8afb0b161631fd1d814d017f75f955475ad41"},{"url":"https://git.kernel.org/stable/c/53b9e2659719b04f5ba7593f2af0f2335f75e94a"}],"title":"coresight: holding cscfg_csdev_lock while removing cscfg from csdev","x_generator":{"engine":"bippy-1.2.0"}}}}