CVE-2025-71274

EPSS 0.01%
Veröffentlicht 06.05.2026 11:27:07
Zuletzt bearbeitet 12.05.2026 21:25:11
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

rpmsg: core: fix race in driver_override_show() and use core helper

In the Linux kernel, the following vulnerability has been resolved:

rpmsg: core: fix race in driver_override_show() and use core helper

The driver_override_show function reads the driver_override string
without holding the device_lock. However, the store function modifies
and frees the string while holding the device_lock. This creates a race
condition where the string can be freed by the store function while
being read by the show function, leading to a use-after-free.

To fix this, replace the rpmsg_string_attr macro with explicit show and
store functions. The new driver_override_store uses the standard
driver_set_override helper. Since the introduction of
driver_set_override, the comments in include/linux/rpmsg.h have stated
that this helper must be used to set or clear driver_override, but the
implementation was not updated until now.

Because driver_set_override modifies and frees the string while holding
the device_lock, the new driver_override_show now correctly holds the
device_lock during the read operation to prevent the race.

Additionally, since rpmsg_string_attr has only ever been used for
driver_override, removing the macro simplifies the code.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 11

NVD 7 VulnDex Vulnerability Enrichment 10

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 4.18 < 5.10.252

Linux ≫ Linux Kernel Version >= 5.11 < 5.15.202

Linux ≫ Linux Kernel Version >= 5.16 < 6.1.165

Linux ≫ Linux Kernel Version >= 6.2 < 6.6.128

Linux ≫ Linux Kernel Version >= 6.7 < 6.12.75

Linux ≫ Linux Kernel Version >= 6.13 < 6.18.16

Linux ≫ Linux Kernel Version >= 6.19 < 6.19.6

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.01%	0.017

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.7	1	3.6	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

https://git.kernel.org/stable/c/392c6b68334aa0e0ae9aba95c0a366bcb0d92f5d

Patch

https://git.kernel.org/stable/c/d66b8074c555e8abb0ae19eea1c9f3635498bdde

Patch

https://git.kernel.org/stable/c/47615557447185917afa432b7958f87583c417cb

Patch

https://git.kernel.org/stable/c/90c8353f471821d7ccd4fe573a2402e056192494

Patch

https://git.kernel.org/stable/c/7654e6e3cd6bdee9602f6063b3c670bd556d7e61

Patch

https://git.kernel.org/stable/c/2e4a70f3c30910427e5ea848b799066d67b963d5

Patch