Home

Description

In the Linux kernel, the following vulnerability has been resolved: net: kcm: Fix race condition in kcm_unattach() syzbot found a race condition when kcm_unattach(psock) and kcm_release(kcm) are executed at the same time. kcm_unattach() is missing a check of the flag kcm->tx_stopped before calling queue_work(). If the kcm has a reserved psock, kcm_unattach() might get executed between cancel_work_sync() and unreserve_psock() in kcm_release(), requeuing kcm->tx_work right before kcm gets freed in kcm_done(). Remove kcm->tx_stopped and replace it by the less error-prone disable_work_sync().

PUBLISHED Reserved 2025-04-16 | Published 2025-09-04 | Updated 2025-09-29 | Assigner Linux

Product status

Default status
unaffected

ab7ac4eb9832e32a09f4e8042705484d2fb0aad3 (git) before c0bffbc92a1ca3960fb9cdb8e9f75a68468eb308
affected

ab7ac4eb9832e32a09f4e8042705484d2fb0aad3 (git) before 7275dc3bb8f91b23125ff3f47b6529935cf46152
affected

ab7ac4eb9832e32a09f4e8042705484d2fb0aad3 (git) before 798733ee5d5788b12e8a52db1519abc17e826f69
affected

ab7ac4eb9832e32a09f4e8042705484d2fb0aad3 (git) before 52565a935213cd6a8662ddb8efe5b4219343a25d
affected

Default status
affected

4.6
affected

Any version before 4.6
unaffected

6.12.43 (semver)
unaffected

6.15.11 (semver)
unaffected

6.16.2 (semver)
unaffected

6.17 (original_commit_for_fix)
unaffected

References

git.kernel.org/...c/c0bffbc92a1ca3960fb9cdb8e9f75a68468eb308

git.kernel.org/...c/7275dc3bb8f91b23125ff3f47b6529935cf46152

git.kernel.org/...c/798733ee5d5788b12e8a52db1519abc17e826f69

git.kernel.org/...c/52565a935213cd6a8662ddb8efe5b4219343a25d

cve.org (CVE-2025-38717)

nvd.nist.gov (CVE-2025-38717)

Download JSON