CVE-2025-38416

NFC: nci: uart: Set tty->disc_data only in success path

Severity Score

"-"

*CVSS v-

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: NFC: nci: uart: Set tty->disc_data only in success path Setting tty->disc_data before opening the NCI device means we need to
clean it up on error paths. This also opens some short window if device
starts sending data, even before NCIUARTSETDRIVER IOCTL succeeded
(broken hardware?). Close the window by exposing tty->disc_data only on
the success path, when opening of the NCI device and try_module_get()
succeeds. The code differs in error path in one aspect: tty->disc_data won't be
ever assigned thus NULL-ified. This however should not be relevant
difference, because of "tty->disc_data=NULL" in nci_uart_tty_open().

En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: NFC: nci: uart: Establecer tty->disc_data solo en la ruta correcta. Configurar tty->disc_data antes de abrir el dispositivo NCI implica la necesidad de eliminar las rutas de error. Esto también genera una pequeña ventana de tiempo si el dispositivo comienza a enviar datos, incluso antes de que NCIUARTSETDRIVER IOCTL se haya ejecutado correctamente (¿hardware dañado?). Esta ventana se cierra exponiendo tty->disc_data solo en la ruta correcta cuando se abre el dispositivo NCI y try_module_get() se ejecuta correctamente. El código difiere en la ruta de error en un aspecto: tty->disc_data nunca se asignará, por lo que se convierte en NULL. Sin embargo, esta diferencia no debería ser relevante, debido a "tty->disc_data=NULL" en nci_uart_tty_open().

This update provides the initial livepatch for this kernel update. This update does not contain any fixes and will be updated with livepatches later.

*Credits: N/A

CVSS Scores

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2025-04-16 CVE Reserved
2025-07-25 CVE Published
2025-07-28 CVE Updated
2025-08-26 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (9)

URL	Tag	Source
https://git.kernel.org/stable/c/9961127d4bce6325e9a0b0fb105e0c85a6c62cb7	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/a514fca2b8e95838a3ba600f31a18fa60b76d893	2025-06-27
https://git.kernel.org/stable/c/000bfbc6bc334a93fffca8f5aa9583e7b6356cb5	2025-06-27
https://git.kernel.org/stable/c/ac6992f72bd8e22679c1e147ac214de6a7093c23	2025-06-27
https://git.kernel.org/stable/c/dc7722619a9c307e9938d735cf4a2210d3d48dcb	2025-06-27
https://git.kernel.org/stable/c/a8acc7080ad55c5402a1b818b3008998247dda87	2025-06-27
https://git.kernel.org/stable/c/55c3dbd8389636161090a2b2b6d2d709b9602e9c	2025-06-27
https://git.kernel.org/stable/c/e9799db771b2d574d5bf0dfb3177485e5f40d4d6	2025-06-27
https://git.kernel.org/stable/c/fc27ab48904ceb7e4792f0c400f1ef175edf16fe	2025-06-19

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.2 < 5.4.295 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.2 < 5.4.295"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.2 < 5.10.239 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.2 < 5.10.239"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.2 < 5.15.186 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.2 < 5.15.186"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.2 < 6.1.142 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.2 < 6.1.142"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.2 < 6.6.95 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.2 < 6.6.95"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.2 < 6.12.35 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.2 < 6.12.35"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.2 < 6.15.4 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.2 < 6.15.4"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.2 < 6.16 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.2 < 6.16"		en		Affected