{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-38448","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-04-16T04:51:24.018Z","datePublished":"2025-07-25T15:27:30.040Z","dateUpdated":"2026-05-11T21:28:12.055Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T21:28:12.055Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: u_serial: Fix race condition in TTY wakeup\n\nA race condition occurs when gs_start_io() calls either gs_start_rx() or\ngs_start_tx(), as those functions briefly drop the port_lock for\nusb_ep_queue(). This allows gs_close() and gserial_disconnect() to clear\nport.tty and port_usb, respectively.\n\nUse the null-safe TTY Port helper function to wake up TTY.\n\nExample\n  CPU1:\t\t\t      CPU2:\n  gserial_connect() // lock\n  \t\t\t      gs_close() // await lock\n  gs_start_rx()     // unlock\n  usb_ep_queue()\n  \t\t\t      gs_close() // lock, reset port.tty and unlock\n  gs_start_rx()     // lock\n  tty_wakeup()      // NPE"}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/usb/gadget/function/u_serial.c"],"versions":[{"version":"35f95fd7f234d2b58803bab6f6ebd6bb988050a2","lessThan":"18d58a467ccf011078352d91b4d6a0108c7318e8","status":"affected","versionType":"git"},{"version":"35f95fd7f234d2b58803bab6f6ebd6bb988050a2","lessThan":"d43657b59f36e88289a6066f15bc9a80df5014eb","status":"affected","versionType":"git"},{"version":"35f95fd7f234d2b58803bab6f6ebd6bb988050a2","lessThan":"a5012673d49788f16bb4e375b002d7743eb642d9","status":"affected","versionType":"git"},{"version":"35f95fd7f234d2b58803bab6f6ebd6bb988050a2","lessThan":"ee8d688e2ba558f3bb8ac225113740be5f335417","status":"affected","versionType":"git"},{"version":"35f95fd7f234d2b58803bab6f6ebd6bb988050a2","lessThan":"c6eb4a05af3d0ba3bc4e8159287722fb9abc6359","status":"affected","versionType":"git"},{"version":"35f95fd7f234d2b58803bab6f6ebd6bb988050a2","lessThan":"abf3620cba68e0e51e5c21054ce4f925f75b3661","status":"affected","versionType":"git"},{"version":"35f95fd7f234d2b58803bab6f6ebd6bb988050a2","lessThan":"c8c80a3a35c2e3488409de2d5376ef7e662a2bf5","status":"affected","versionType":"git"},{"version":"35f95fd7f234d2b58803bab6f6ebd6bb988050a2","lessThan":"c529c3730bd09115684644e26bf01ecbd7e2c2c9","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/usb/gadget/function/u_serial.c"],"versions":[{"version":"3.5","status":"affected"},{"version":"0","lessThan":"3.5","status":"unaffected","versionType":"semver"},{"version":"5.4.296","lessThanOrEqual":"5.4.*","status":"unaffected","versionType":"semver"},{"version":"5.10.240","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.189","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.146","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.99","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.12.39","lessThanOrEqual":"6.12.*","status":"unaffected","versionType":"semver"},{"version":"6.15.7","lessThanOrEqual":"6.15.*","status":"unaffected","versionType":"semver"},{"version":"6.16","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.5","versionEndExcluding":"5.4.296"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.5","versionEndExcluding":"5.10.240"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.5","versionEndExcluding":"5.15.189"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.5","versionEndExcluding":"6.1.146"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.5","versionEndExcluding":"6.6.99"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.5","versionEndExcluding":"6.12.39"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.5","versionEndExcluding":"6.15.7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.5","versionEndExcluding":"6.16"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/18d58a467ccf011078352d91b4d6a0108c7318e8"},{"url":"https://git.kernel.org/stable/c/d43657b59f36e88289a6066f15bc9a80df5014eb"},{"url":"https://git.kernel.org/stable/c/a5012673d49788f16bb4e375b002d7743eb642d9"},{"url":"https://git.kernel.org/stable/c/ee8d688e2ba558f3bb8ac225113740be5f335417"},{"url":"https://git.kernel.org/stable/c/c6eb4a05af3d0ba3bc4e8159287722fb9abc6359"},{"url":"https://git.kernel.org/stable/c/abf3620cba68e0e51e5c21054ce4f925f75b3661"},{"url":"https://git.kernel.org/stable/c/c8c80a3a35c2e3488409de2d5376ef7e662a2bf5"},{"url":"https://git.kernel.org/stable/c/c529c3730bd09115684644e26bf01ecbd7e2c2c9"}],"title":"usb: gadget: u_serial: Fix race condition in TTY wakeup","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"title":"CVE Program Container","references":[{"url":"https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"},{"url":"https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html"}],"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2025-11-03T17:38:09.442Z"}}]}}