CVE-2025-38632

EPSS 0.03%
Published 22.08.2025 16:00:40
Last modified 22.08.2025 18:08:51
Source 416baaa9-dc9f-4396-8d5f-8c081f
Teams watchlist Login
Open Login

In the Linux kernel, the following vulnerability has been resolved:

pinmux: fix race causing mux_owner NULL with active mux_usecount

commit 5a3e85c3c397 ("pinmux: Use sequential access to access
desc->pinmux data") tried to address the issue when two client of the
same gpio calls pinctrl_select_state() for the same functionality, was
resulting in NULL pointer issue while accessing desc->mux_owner.
However, issue was not completely fixed due to the way it was handled
and it can still result in the same NULL pointer.

The issue occurs due to the following interleaving:

     cpu0 (process A)                   cpu1 (process B)

      pin_request() {                   pin_free() {

                                         mutex_lock()
                                         desc->mux_usecount--; //becomes 0
                                         ..
                                         mutex_unlock()

  mutex_lock(desc->mux)
  desc->mux_usecount++; // becomes 1
  desc->mux_owner = owner;
  mutex_unlock(desc->mux)

                                         mutex_lock(desc->mux)
                                         desc->mux_owner = NULL;
                                         mutex_unlock(desc->mux)

This sequence leads to a state where the pin appears to be in use
(`mux_usecount == 1`) but has no owner (`mux_owner == NULL`), which can
cause NULL pointer on next pin_request on the same pin.

Ensure that updates to mux_usecount and mux_owner are performed
atomically under the same lock. Only clear mux_owner when mux_usecount
reaches zero and no new owner has been assigned.

Affected products Warnungen 0 Metrics 1 CWE 0 References 8

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

VendorLinux

≫

Product Linux

Default Statusunaffected

Version < 9b2a3e7189028aa7c4d53a84364f2ea9fb209787

Version 2da32aed4a97ca1d70fb8b77926f72f30ce5fb4b

Status affected

Version < 9ea3f6b9a67be3476e331ce51cac316c2614a564

Version c11e2ec9a780f54982a187ee10ffd1b810715c85

Status affected

Version < b7bd6e3971eb7f0e34d2fdce1b18b08094e0c804

Version 5a3e85c3c397c781393ea5fb2f45b1f60f8a4e6e

Status affected

Version < 22b585cbd67d14df3b91529d1b990661c300faa9

Version 5a3e85c3c397c781393ea5fb2f45b1f60f8a4e6e

Status affected

Version < 0b075c011032f88d1cfde3b45d6dcf08b44140eb

Version 5a3e85c3c397c781393ea5fb2f45b1f60f8a4e6e

Status affected

VendorLinux

≫

Product Linux

Default Statusaffected

Version 6.13

Status affected

Version < 6.13

Version 0

Status unaffected

Version <= 6.6.*

Version 6.6.102

Status unaffected

Version <= 6.12.*

Version 6.12.42

Status unaffected

Version <= 6.15.*

Version 6.15.10

Status unaffected

Version <= 6.16.*

Version 6.16.1

Status unaffected

Version <= *

Version 6.17-rc1

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.03%	0.055

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string

https://git.kernel.org/stable/c/9b2a3e7189028aa7c4d53a84364f2ea9fb209787

https://git.kernel.org/stable/c/9ea3f6b9a67be3476e331ce51cac316c2614a564

https://git.kernel.org/stable/c/b7bd6e3971eb7f0e34d2fdce1b18b08094e0c804

https://git.kernel.org/stable/c/22b585cbd67d14df3b91529d1b990661c300faa9

https://git.kernel.org/stable/c/0b075c011032f88d1cfde3b45d6dcf08b44140eb

https://nvd.nist.gov/vuln/detail/CVE-2025-38632

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-38632

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-38632

EUVD