
THREATINT
PUBLISHED

CVE-2025-38003

can: bcm: add missing rcu read protection for procfs content



Description

In the Linux kernel, the following vulnerability has been resolved:

can: bcm: add missing rcu read protection for procfs content

When the procfs content is generated for a bcm_op which is in the process of being removed, the procfs output might show unreliable data (UAF).

As the removal of bcm_op's is already implemented with rcu handling, this patch adds the missing rcu_read_lock() and makes sure the list entries are properly removed under rcu protection.

Reserved 2025-04-16 | Published 2025-06-08 | Updated 2025-06-08 | Assigner Linux

Product status

Default status
unaffected

5b48f5711f1c630841ab78dcc061de902f0e37bf before 19f553a1ddf260da6570ed8f8d91a8c87f49b63a
affected

85cd41070df992d3c0dfd828866fdd243d3b774a before 659701c0b954ccdb4a916a4ad59bbc16e726d42c
affected

f34f2a18e47b73e48f90a757e1f4aaa8c7d665a1 before 0622846db728a5332b917c797c733e202c4620ae
affected

f1b4e32aca0811aa011c76e5d6cf2fa19224b386 before 6d7d458c41b98a5c1670cbd36f2923c37de51cf5
affected

f1b4e32aca0811aa011c76e5d6cf2fa19224b386 before 1f912f8484e9c4396378c39460bbea0af681f319
affected

f1b4e32aca0811aa011c76e5d6cf2fa19224b386 before 63567ecd99a24495208dc860d50fb17440043006
affected

f1b4e32aca0811aa011c76e5d6cf2fa19224b386 before 7c9db92d5f0eadca30884af75c53d601edc512ee
affected

f1b4e32aca0811aa011c76e5d6cf2fa19224b386 before dac5e6249159ac255dad9781793dbe5908ac9ddb
affected

fbac09a3b8890003c0c55294c00709f3ae5501bb
affected

edb4baffb9483141a50fb7f7146cfe4a4c0c2db8
affected

Default status
affected

5.19
affected

Any version before 5.19
unaffected

5.4.294
unaffected

5.10.238
unaffected

5.15.185
unaffected

6.1.141
unaffected

6.6.93
unaffected

6.12.31
unaffected

6.14.9
unaffected

6.15
unaffected

References

git.kernel.org/...c/19f553a1ddf260da6570ed8f8d91a8c87f49b63a

git.kernel.org/...c/659701c0b954ccdb4a916a4ad59bbc16e726d42c

git.kernel.org/...c/0622846db728a5332b917c797c733e202c4620ae

git.kernel.org/...c/6d7d458c41b98a5c1670cbd36f2923c37de51cf5

git.kernel.org/...c/1f912f8484e9c4396378c39460bbea0af681f319

git.kernel.org/...c/63567ecd99a24495208dc860d50fb17440043006

git.kernel.org/...c/7c9db92d5f0eadca30884af75c53d601edc512ee

git.kernel.org/...c/dac5e6249159ac255dad9781793dbe5908ac9ddb

cve.org (CVE-2025-38003)

nvd.nist.gov (CVE-2025-38003)
