5.5

CVE-2025-38003

can: bcm: add missing rcu read protection for procfs content

In the Linux kernel, the following vulnerability has been resolved:

can: bcm: add missing rcu read protection for procfs content

When the procfs content is generated for a bcm_op which is in the process
to be removed the procfs output might show unreliable data (UAF).

As the removal of bcm_op's is already implemented with rcu handling this
patch adds the missing rcu_read_lock() and makes sure the list entries
are properly removed under rcu protection.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 4.19.252 < 4.20
LinuxLinux Kernel Version >= 5.4.205 < 5.4.294
LinuxLinux Kernel Version >= 5.10.130 < 5.10.238
LinuxLinux Kernel Version >= 5.15.54 < 5.15.185
LinuxLinux Kernel Version >= 5.18.11 < 5.19
LinuxLinux Kernel Version >= 5.19.1 < 6.1.141
LinuxLinux Kernel Version >= 6.2 < 6.6.93
LinuxLinux Kernel Version >= 6.7 < 6.12.31
LinuxLinux Kernel Version >= 6.13 < 6.14.9
LinuxLinux Kernel Version5.19 Update-
LinuxLinux Kernel Version5.19 Updaterc6
LinuxLinux Kernel Version5.19 Updaterc7
LinuxLinux Kernel Version5.19 Updaterc8
LinuxLinux Kernel Version6.15 Updaterc1
LinuxLinux Kernel Version6.15 Updaterc2
LinuxLinux Kernel Version6.15 Updaterc3
LinuxLinux Kernel Version6.15 Updaterc4
LinuxLinux Kernel Version6.15 Updaterc5
LinuxLinux Kernel Version6.15 Updaterc6
LinuxLinux Kernel Version6.15 Updaterc7
DebianDebian Linux Version11.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.2% 0.101
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://git.kernel.org/stable/c/19f553a1ddf260da6570ed8f8d91a8c87f49b63a
Patch
https://git.kernel.org/stable/c/659701c0b954ccdb4a916a4ad59bbc16e726d42c
Patch
https://git.kernel.org/stable/c/0622846db728a5332b917c797c733e202c4620ae
Patch
https://git.kernel.org/stable/c/6d7d458c41b98a5c1670cbd36f2923c37de51cf5
Patch
https://git.kernel.org/stable/c/1f912f8484e9c4396378c39460bbea0af681f319
Patch
https://git.kernel.org/stable/c/63567ecd99a24495208dc860d50fb17440043006
Patch
https://git.kernel.org/stable/c/7c9db92d5f0eadca30884af75c53d601edc512ee
Patch
https://git.kernel.org/stable/c/dac5e6249159ac255dad9781793dbe5908ac9ddb
Patch
https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
Third Party Advisory