THREATINT
PUBLISHED

CVE-2025-38262

tty: serial: uartlite: register uart driver in init



Description

In the Linux kernel, the following vulnerability has been resolved:

tty: serial: uartlite: register uart driver in init

When two instances of uart devices are probing, a concurrency race can occur. If one thread calls uart_register_driver function, which first allocates and assigns memory to 'uart_state' member of uart_driver structure, the other instance can bypass uart driver registration and call ulite_assign. This calls uart_add_one_port, which expects the uart driver to be fully initialized. This leads to a kernel panic due to a null pointer dereference:

    [ 8.143581] BUG: kernel NULL pointer dereference, address: 00000000000002b8
    [ 8.156982] #PF: supervisor write access in kernel mode
    [ 8.156984] #PF: error_code(0x0002) - not-present page
    [ 8.156986] PGD 0 P4D 0
    ...
    [ 8.180668] RIP: 0010:mutex_lock+0x19/0x30
    [ 8.188624] Call Trace:
    [ 8.188629] ? __die_body.cold+0x1a/0x1f
    [ 8.195260] ? page_fault_oops+0x15c/0x290
    [ 8.209183] ? __irq_resolve_mapping+0x47/0x80
    [ 8.209187] ? exc_page_fault+0x64/0x140
    [ 8.209190] ? asm_exc_page_fault+0x22/0x30
    [ 8.209196] ? mutex_lock+0x19/0x30
    [ 8.223116] uart_add_one_port+0x60/0x440
    [ 8.223122] ? proc_tty_register_driver+0x43/0x50
    [ 8.223126] ? tty_register_driver+0x1ca/0x1e0
    [ 8.246250] ulite_probe+0x357/0x4b0 [uartlite]

To prevent it, move uart driver registration into the init function. This will ensure that uart_driver is always registered when the probe function is called.
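The interleaving described above, as an added user-space model in C; it is not kernel code and not part of the CVE record or the upstream patch. The struct, the two-step split of registration and every function name are assumptions made for illustration.

```c
#include <stdbool.h>

/* User-space model, not kernel code. All names here are hypothetical. */
struct model_driver {
    void *state;  /* assigned early in registration, like the 'uart_state' member */
    bool  ready;  /* true only once registration has fully completed */
};
enum probe_result { PROBE_OK, PROBE_USED_UNINITIALISED };
static int state_storage;

/* Registration split in two so the unsafe window is shown deterministically. */
static void register_begin(struct model_driver *d)  { d->state = &state_storage; }
static void register_finish(struct model_driver *d) { d->ready = true; }

/* Stands in for adding a port: it needs a fully registered driver. */
static enum probe_result add_port(const struct model_driver *d)
{
    return d->ready ? PROBE_OK : PROBE_USED_UNINITIALISED;
}

/* Pattern before the fix: probe registers lazily, keyed on 'state'. */
static enum probe_result probe_lazy(struct model_driver *d)
{
    if (!d->state) {
        register_begin(d);
        register_finish(d);
    }
    return add_port(d);
}

/* Thread A is part-way through registration when thread B probes. */
static enum probe_result second_probe_lazy(void)
{
    struct model_driver d = { 0 };
    register_begin(&d);                    /* A: state assigned, not ready */
    enum probe_result b = probe_lazy(&d);  /* B: sees state, skips registration */
    register_finish(&d);                   /* A: finishes, too late for B */
    return b;
}

/* Pattern after the fix: init registers once, probe only adds the port. */
static enum probe_result second_probe_after_init(void)
{
    struct model_driver d = { 0 };
    register_begin(&d);
    register_finish(&d);                   /* complete before any probe runs */
    return add_port(&d);
}

int main(void)
{
    return !(second_probe_lazy() == PROBE_USED_UNINITIALISED &&
             second_probe_after_init() == PROBE_OK);
}
```

In the model, PROBE_USED_UNINITIALISED marks the point at which the log above shows the NULL pointer dereference under uart_add_one_port.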

Reserved 2025-04-16 | Published 2025-07-09 | Updated 2025-07-11 | Assigner Linux

Product status

Default status: unaffected

238b8721a554a33a451a3f13bdb5be8fe5cfc927 before 9c905fdbba68a6d73d39a6b7de9b9f0d6c46df87: affected
238b8721a554a33a451a3f13bdb5be8fe5cfc927 before 6db06aaea07bb7c8e33a425cf7b98bf29ee6056e: affected
238b8721a554a33a451a3f13bdb5be8fe5cfc927 before 8e958d10dd0ce5ae674cce460db5c9ca3f25243b: affected
238b8721a554a33a451a3f13bdb5be8fe5cfc927 before 685d29f2c5057b32c7b1b46f2a7d303b926c8f72: affected
238b8721a554a33a451a3f13bdb5be8fe5cfc927 before f5e4229d94792b40e750f30c92bcf7a3107c72ef: affected
238b8721a554a33a451a3f13bdb5be8fe5cfc927 before 6bd697b5fc39fd24e2aa418c7b7d14469f550a93: affected

Default status: affected

2.6.20: affected
Any version before 2.6.20: unaffected
5.15.187: unaffected
6.1.143: unaffected
6.6.96: unaffected
6.12.36: unaffected
6.15.5: unaffected
6.16-rc1: unaffected

References

git.kernel.org/...c/9c905fdbba68a6d73d39a6b7de9b9f0d6c46df87

git.kernel.org/...c/6db06aaea07bb7c8e33a425cf7b98bf29ee6056e

git.kernel.org/...c/8e958d10dd0ce5ae674cce460db5c9ca3f25243b

git.kernel.org/...c/685d29f2c5057b32c7b1b46f2a7d303b926c8f72

git.kernel.org/...c/f5e4229d94792b40e750f30c92bcf7a3107c72ef

git.kernel.org/...c/6bd697b5fc39fd24e2aa418c7b7d14469f550a93

cve.org (CVE-2025-38262)

nvd.nist.gov (CVE-2025-38262)
