CVE-2025-38210

EPSS 0.03%
Veröffentlicht 04.07.2025 13:37:29
Zuletzt bearbeitet 08.07.2025 16:18:53
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
Teams Watchlist Login
Unerledigt Login

In the Linux kernel, the following vulnerability has been resolved:

configfs-tsm-report: Fix NULL dereference of tsm_ops

Unlike sysfs, the lifetime of configfs objects is controlled by
userspace. There is no mechanism for the kernel to find and delete all
created config-items. Instead, the configfs-tsm-report mechanism has an
expectation that tsm_unregister() can happen at any time and cause
established config-item access to start failing.

That expectation is not fully satisfied. While tsm_report_read(),
tsm_report_{is,is_bin}_visible(), and tsm_report_make_item() safely fail
if tsm_ops have been unregistered, tsm_report_privlevel_store()
tsm_report_provider_show() fail to check for ops registration. Add the
missing checks for tsm_ops having been removed.

Now, in supporting the ability for tsm_unregister() to always succeed,
it leaves the problem of what to do with lingering config-items. The
expectation is that the admin that arranges for the ->remove() (unbind)
of the ${tsm_arch}-guest driver is also responsible for deletion of all
open config-items. Until that deletion happens, ->probe() (reload /
bind) of the ${tsm_arch}-guest driver fails.

This allows for emergency shutdown / revocation of attestation
interfaces, and requires coordinated restart.

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 6

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < 015f04ac884a454d4d8aaa7b67758f047742b1cf

Version 70e6f7e2b98575621019aa40ac616be58ff984e0

Status affected

Version < cefbafcbdef011d6ef9414902311afdfba3c33eb

Version 70e6f7e2b98575621019aa40ac616be58ff984e0

Status affected

Version < fba4ceaa242d2bdf4c04b77bda41d32d02d3925d

Version 70e6f7e2b98575621019aa40ac616be58ff984e0

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 6.7

Status affected

Version < 6.7

Version 0

Status unaffected

Version <= 6.12.*

Version 6.12.35

Status unaffected

Version <= 6.15.*

Version 6.15.4

Status unaffected

Version <= *

Version 6.16

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.052

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

https://git.kernel.org/stable/c/015f04ac884a454d4d8aaa7b67758f047742b1cf

https://git.kernel.org/stable/c/cefbafcbdef011d6ef9414902311afdfba3c33eb

https://git.kernel.org/stable/c/fba4ceaa242d2bdf4c04b77bda41d32d02d3925d

https://nvd.nist.gov/vuln/detail/CVE-2025-38210

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-38210

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-38210

EUVD