CVE-2025-38003
EUVD-2025-1738508.06.2025, 11:15
In the Linux kernel, the following vulnerability has been resolved: can: bcm: add missing rcu read protection for procfs content When the procfs content is generated for a bcm_op which is in the process to be removed the procfs output might show unreliable data (UAF). As the removal of bcm_op's is already implemented with rcu handling this patch adds the missing rcu_read_lock() and makes sure the list entries are properly removed under rcu protection.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| linux | linux_kernel | 4.19.252 ≤ 𝑥 < 4.20 |
| linux | linux_kernel | 5.4.205 ≤ 𝑥 < 5.4.294 |
| linux | linux_kernel | 5.10.130 ≤ 𝑥 < 5.10.238 |
| linux | linux_kernel | 5.15.54 ≤ 𝑥 < 5.15.185 |
| linux | linux_kernel | 5.18.11 ≤ 𝑥 < 5.19 |
| linux | linux_kernel | 5.19.1 ≤ 𝑥 < 6.1.141 |
| linux | linux_kernel | 6.2 ≤ 𝑥 < 6.6.93 |
| linux | linux_kernel | 6.7 ≤ 𝑥 < 6.12.31 |
| linux | linux_kernel | 6.13 ≤ 𝑥 < 6.14.9 |
| linux | linux_kernel | 5.19 |
| linux | linux_kernel | 5.19:rc6 |
| linux | linux_kernel | 5.19:rc7 |
| linux | linux_kernel | 5.19:rc8 |
| linux | linux_kernel | 6.15:rc1 |
| linux | linux_kernel | 6.15:rc2 |
| linux | linux_kernel | 6.15:rc3 |
| linux | linux_kernel | 6.15:rc4 |
| linux | linux_kernel | 6.15:rc5 |
| linux | linux_kernel | 6.15:rc6 |
| linux | linux_kernel | 6.15:rc7 |
| debian | debian_linux | 11.0 |
𝑥
= Vulnerable software versions
Debian Releases
References