exploitDog

CVE-2025-38003

Опубликовано: 08 июн. 2025

Источник: nvd

CVSS3: 5.5

EPSS Низкий

Описание

In the Linux kernel, the following vulnerability has been resolved:

can: bcm: add missing rcu read protection for procfs content

When the procfs content is generated for a bcm_op which is in the process to be removed the procfs output might show unreliable data (UAF).

As the removal of bcm_op's is already implemented with rcu handling this patch adds the missing rcu_read_lock() and makes sure the list entries are properly removed under rcu protection.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 4.19.252 (включая) до 4.20 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 5.4.205 (включая) до 5.4.294 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 5.10.130 (включая) до 5.10.238 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 5.15.54 (включая) до 5.15.185 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 5.18.11 (включая) до 5.19 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 5.19.1 (включая) до 6.1.141 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 6.2 (включая) до 6.6.93 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 6.7 (включая) до 6.12.31 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 6.13 (включая) до 6.14.9 (исключая)

cpe:2.3:o:linux:linux_kernel:5.19:-:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:5.19:rc6:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:5.19:rc7:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:5.19:rc8:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:6.15:rc1:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:6.15:rc2:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:6.15:rc3:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:6.15:rc4:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:6.15:rc5:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:6.15:rc6:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:6.15:rc7:*:*:*:*:*:*

Конфигурация 2

cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

EPSS

Процентиль: 9%

0.00032

Низкий

5.5 Medium

CVSS3

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

CVE-2025-38003

CVSS3: 5.5

ubuntu

8 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: can: bcm: add missing rcu read protection for procfs content When the procfs content is generated for a bcm_op which is in the process to be removed the procfs output might show unreliable data (UAF). As the removal of bcm_op's is already implemented with rcu handling this patch adds the missing rcu_read_lock() and makes sure the list entries are properly removed under rcu protection.

CVE-2025-38003

CVSS3: 7

redhat

8 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: can: bcm: add missing rcu read protection for procfs content When the procfs content is generated for a bcm_op which is in the process to be removed the procfs output might show unreliable data (UAF). As the removal of bcm_op's is already implemented with rcu handling this patch adds the missing rcu_read_lock() and makes sure the list entries are properly removed under rcu protection.

CVE-2025-38003

CVSS3: 6.6

msrc

6 месяцев назад

can: bcm: add missing rcu read protection for procfs content

CVE-2025-38003

CVSS3: 5.5

debian

8 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: c ...

GHSA-w495-f5mg-799h

CVSS3: 5.5

github

8 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: can: bcm: add missing rcu read protection for procfs content When the procfs content is generated for a bcm_op which is in the process to be removed the procfs output might show unreliable data (UAF). As the removal of bcm_op's is already implemented with rcu handling this patch adds the missing rcu_read_lock() and makes sure the list entries are properly removed under rcu protection.

EPSS

Процентиль: 9%

0.00032

Низкий

5.5 Medium

CVSS3

Дефекты

NVD-CWE-noinfo