-

CVE-2025-38653

EPSS 0.04%
Veröffentlicht 22.08.2025 16:00:57
Zuletzt bearbeitet 22.08.2025 18:08:51
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
Teams Watchlist Login
Unerledigt Login

In the Linux kernel, the following vulnerability has been resolved:

proc: use the same treatment to check proc_lseek as ones for proc_read_iter et.al

Check pde->proc_ops->proc_lseek directly may cause UAF in rmmod scenario. 
It's a gap in proc_reg_open() after commit 654b33ada4ab("proc: fix UAF in
proc_get_inode()").  Followed by AI Viro's suggestion, fix it in same
manner.

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 9

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < c35b0feb80b48720dfbbf4e33759c7be3faaebb6

Version 3f61631d47f115b83c935d0039f95cb68b0c8ab7

Status affected

Version < 33c778ea0bd0fa62ff590497e72562ff90f82b13

Version 3f61631d47f115b83c935d0039f95cb68b0c8ab7

Status affected

Version < fc1072d934f687e1221d685cf1a49a5068318f34

Version 3f61631d47f115b83c935d0039f95cb68b0c8ab7

Status affected

Version < d136502e04d8853a9aecb335d07bbefd7a1519a8

Version 3f61631d47f115b83c935d0039f95cb68b0c8ab7

Status affected

Version < 1fccbfbae1dd36198dc47feac696563244ad81d3

Version 3f61631d47f115b83c935d0039f95cb68b0c8ab7

Status affected

Version < ff7ec8dc1b646296f8d94c39339e8d3833d16c05

Version 3f61631d47f115b83c935d0039f95cb68b0c8ab7

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 6.0

Status affected

Version < 6.0

Version 0

Status unaffected

Version <= 6.1.*

Version 6.1.148

Status unaffected

Version <= 6.6.*

Version 6.6.102

Status unaffected

Version <= 6.12.*

Version 6.12.42

Status unaffected

Version <= 6.15.*

Version 6.15.10

Status unaffected

Version <= 6.16.*

Version 6.16.1

Status unaffected

Version <= *

Version 6.17-rc1

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.089

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

https://git.kernel.org/stable/c/c35b0feb80b48720dfbbf4e33759c7be3faaebb6

https://git.kernel.org/stable/c/33c778ea0bd0fa62ff590497e72562ff90f82b13

https://git.kernel.org/stable/c/fc1072d934f687e1221d685cf1a49a5068318f34

https://git.kernel.org/stable/c/d136502e04d8853a9aecb335d07bbefd7a1519a8

https://git.kernel.org/stable/c/1fccbfbae1dd36198dc47feac696563244ad81d3

https://git.kernel.org/stable/c/ff7ec8dc1b646296f8d94c39339e8d3833d16c05

https://nvd.nist.gov/vuln/detail/CVE-2025-38653

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-38653

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-38653

EUVD