CVE-2025-38131

coresight: prevent deactivate active config while enabling the config

Severity Score

"-"

*CVSS v-

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: coresight: prevent deactivate active config while enabling the config While enable active config via cscfg_csdev_enable_active_config(),
active config could be deactivated via configfs' sysfs interface.
This could make UAF issue in below scenario: CPU0 CPU1
(sysfs enable) load module cscfg_load_config_sets() activate config. // sysfs (sys_active_cnt == 1)
...
cscfg_csdev_enable_active_config()
lock(csdev->cscfg_csdev_lock)
// here load config activate by CPU1
unlock(csdev->cscfg_csdev_lock) deactivate config // sysfs (sys_activec_cnt == 0) cscfg_unload_config_sets() unload module // access to config_desc which freed
// while unloading module.
cscfg_csdev_enable_config To address this, use cscfg_config_desc's active_cnt as a reference count which will be holded when - activate the config. - enable the activated config.
and put the module reference when config_active_cnt == 0.

*Credits: N/A

CVSS Scores

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2025-04-16 CVE Reserved
2025-07-03 CVE Published
2025-07-03 CVE Updated
---------- EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (6)

URL	Tag	Source
https://git.kernel.org/stable/c/f8cce2ff3c04361b8843d8489620fda8880f668b	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/dfe8224c9c7a43d356eb9f74b06868aa05f90223	2025-06-27
https://git.kernel.org/stable/c/b3b4efa2e623aecaebd7c9b9e4171f5c659e9724	2025-06-19
https://git.kernel.org/stable/c/31028812724cef7bd57a51525ce58a32a6d73b22	2025-06-19
https://git.kernel.org/stable/c/ed42ee1ed05ff2f4c36938379057413a40c56680	2025-06-19
https://git.kernel.org/stable/c/408c97c4a5e0b634dcd15bf8b8808b382e888164	2025-05-20

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.15 < 6.1.142 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.15 < 6.1.142"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.15 < 6.6.94 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.15 < 6.6.94"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.15 < 6.12.34 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.15 < 6.12.34"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.15 < 6.15.3 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.15 < 6.15.3"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.15 < 6.16-rc1 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.15 < 6.16-rc1"		en		Affected