CVE-2025-38003

can: bcm: add missing rcu read protection for procfs content

Severity Score

5.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: can: bcm: add missing rcu read protection for procfs content When the procfs content is generated for a bcm_op which is in the process
to be removed the procfs output might show unreliable data (UAF). As the removal of bcm_op's is already implemented with rcu handling this
patch adds the missing rcu_read_lock() and makes sure the list entries
are properly removed under rcu protection.

En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: can: bcm: añadir protección de lectura rcu faltante para el contenido de procfs. Cuando se genera el contenido de procfs para un bcm_op que se va a eliminar, la salida de procfs podría mostrar datos no fiables (UAF). Dado que la eliminación de bcm_op ya está implementada con la gestión de rcu, este parche añade el rcu_read_lock() faltante y garantiza que las entradas de la lista se eliminen correctamente bajo la protección de rcu.

In the Linux kernel, the following vulnerability has been resolved: can: bcm: add missing rcu read protection for procfs content When the procfs content is generated for a bcm_op which is in the process to be removed the procfs output might show unreliable data (UAF). As the removal of bcm_op's is already implemented with rcu handling this patch adds the missing rcu_read_lock() and makes sure the list entries are properly removed under rcu protection.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2025-04-16 CVE Reserved
2025-06-08 CVE Published
2025-06-09 CVE Updated
2025-06-14 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (14)

URL	Tag	Source
https://git.kernel.org/stable/c/5b48f5711f1c630841ab78dcc061de902f0e37bf	Vuln. Introduced
https://git.kernel.org/stable/c/85cd41070df992d3c0dfd828866fdd243d3b774a	Vuln. Introduced
https://git.kernel.org/stable/c/f34f2a18e47b73e48f90a757e1f4aaa8c7d665a1	Vuln. Introduced
https://git.kernel.org/stable/c/f1b4e32aca0811aa011c76e5d6cf2fa19224b386	Vuln. Introduced
https://git.kernel.org/stable/c/fbac09a3b8890003c0c55294c00709f3ae5501bb	Vuln. Introduced
https://git.kernel.org/stable/c/edb4baffb9483141a50fb7f7146cfe4a4c0c2db8	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/19f553a1ddf260da6570ed8f8d91a8c87f49b63a	2025-06-04
https://git.kernel.org/stable/c/659701c0b954ccdb4a916a4ad59bbc16e726d42c	2025-06-04
https://git.kernel.org/stable/c/0622846db728a5332b917c797c733e202c4620ae	2025-06-04
https://git.kernel.org/stable/c/6d7d458c41b98a5c1670cbd36f2923c37de51cf5	2025-06-04
https://git.kernel.org/stable/c/1f912f8484e9c4396378c39460bbea0af681f319	2025-06-04
https://git.kernel.org/stable/c/63567ecd99a24495208dc860d50fb17440043006	2025-05-29
https://git.kernel.org/stable/c/7c9db92d5f0eadca30884af75c53d601edc512ee	2025-05-29
https://git.kernel.org/stable/c/dac5e6249159ac255dad9781793dbe5908ac9ddb	2025-05-19

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.4.205 < 5.4.294 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.4.205 < 5.4.294"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.10.130 < 5.10.238 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.10.130 < 5.10.238"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.15.54 < 5.15.185 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.15.54 < 5.15.185"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.19 < 6.1.141 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.19 < 6.1.141"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.19 < 6.6.93 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.19 < 6.6.93"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.19 < 6.12.31 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.19 < 6.12.31"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.19 < 6.14.9 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.19 < 6.14.9"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.19 < 6.15 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.19 < 6.15"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				4.19.252 Search vendor "Linux" for product "Linux Kernel" and version "4.19.252"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				5.18.11 Search vendor "Linux" for product "Linux Kernel" and version "5.18.11"		en		Affected