CVE-2025-38717

In the Linux kernel, the following vulnerability has been resolved:

net: kcm: Fix race condition in kcm_unattach()

syzbot found a race condition when kcm_unattach(psock)
and kcm_release(kcm) are executed at the same time.

kcm_unattach() is missing a check of the flag
kcm->tx_stopped before calling queue_work().

If the kcm has a reserved psock, kcm_unattach() might get executed
between cancel_work_sync() and unreserve_psock() in kcm_release(),
requeuing kcm->tx_work right before kcm gets freed in kcm_done().

Remove kcm->tx_stopped and replace it by the less
error-prone disable_work_sync().

Data is provided by the CVE Program from a CVE Numbering Authority (CNA) (unstructured).
Vendor: Linux
Product: Linux
Default status: unaffected

Version < c0bffbc92a1ca3960fb9cdb8e9f75a68468eb308
Version ab7ac4eb9832e32a09f4e8042705484d2fb0aad3
Status: affected

Version < 7275dc3bb8f91b23125ff3f47b6529935cf46152
Version ab7ac4eb9832e32a09f4e8042705484d2fb0aad3
Status: affected

Version < 798733ee5d5788b12e8a52db1519abc17e826f69
Version ab7ac4eb9832e32a09f4e8042705484d2fb0aad3
Status: affected

Version < 52565a935213cd6a8662ddb8efe5b4219343a25d
Version ab7ac4eb9832e32a09f4e8042705484d2fb0aad3
Status: affected

Vendor: Linux
Product: Linux
Default status: affected

Version 4.6
Status: affected

Version < 4.6
Version 0
Status: unaffected

Version <= 6.12.*
Version 6.12.43
Status: unaffected

Version <= 6.15.*
Version 6.15.11
Status: unaffected

Version <= 6.16.*
Version 6.16.2
Status: unaffected

Version <= *
Version 6.17-rc2
Status: unaffected
No CISA KEV entry or CERT.AT warning was found for this CVE.

EPSS Metrics
Type Source Score Percentile
EPSS FIRST.org 0.03% 0.056

CVSS Metrics
Source Base Score Exploit Score Impact Score Vector String