4.7

CVE-2025-38448

usb: gadget: u_serial: Fix race condition in TTY wakeup

In the Linux kernel, the following vulnerability has been resolved:

usb: gadget: u_serial: Fix race condition in TTY wakeup

A race condition occurs when gs_start_io() calls either gs_start_rx() or
gs_start_tx(), as those functions briefly drop the port_lock for
usb_ep_queue(). This allows gs_close() and gserial_disconnect() to clear
port.tty and port_usb, respectively.

Use the null-safe TTY Port helper function to wake up TTY.

Example
  CPU1:			      CPU2:
  gserial_connect() // lock
  			      gs_close() // await lock
  gs_start_rx()     // unlock
  usb_ep_queue()
  			      gs_close() // lock, reset port.tty and unlock
  gs_start_rx()     // lock
  tty_wakeup()      // NPE
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 3.5 < 5.4.296
LinuxLinux Kernel Version >= 5.5 < 5.10.240
LinuxLinux Kernel Version >= 5.11 < 5.15.189
LinuxLinux Kernel Version >= 5.16 < 6.1.146
LinuxLinux Kernel Version >= 6.2 < 6.6.99
LinuxLinux Kernel Version >= 6.7 < 6.12.39
LinuxLinux Kernel Version >= 6.13 < 6.15.7
LinuxLinux Kernel Version6.16 Updaterc1
LinuxLinux Kernel Version6.16 Updaterc2
LinuxLinux Kernel Version6.16 Updaterc3
LinuxLinux Kernel Version6.16 Updaterc4
DebianDebian Linux Version11.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.12% 0.018
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.7 1 3.6
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

https://git.kernel.org/stable/c/18d58a467ccf011078352d91b4d6a0108c7318e8
Patch
https://git.kernel.org/stable/c/a5012673d49788f16bb4e375b002d7743eb642d9
Patch
https://git.kernel.org/stable/c/abf3620cba68e0e51e5c21054ce4f925f75b3661
Patch
https://git.kernel.org/stable/c/c529c3730bd09115684644e26bf01ecbd7e2c2c9
Patch
https://git.kernel.org/stable/c/c6eb4a05af3d0ba3bc4e8159287722fb9abc6359
Patch
https://git.kernel.org/stable/c/c8c80a3a35c2e3488409de2d5376ef7e662a2bf5
Patch
https://git.kernel.org/stable/c/d43657b59f36e88289a6066f15bc9a80df5014eb
Patch
https://git.kernel.org/stable/c/ee8d688e2ba558f3bb8ac225113740be5f335417
Patch
https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
Third Party Advisory