CVE-2025-38132

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)

Description: A race condition scenario exists in the Linux kernel's coresight configuration. This issue arises when two CPUs interact with the configuration simultaneously, potentially leading to a situation where the config csdev list is iterated while an entry is being deleted, causing a race condition. The estimated number of potentially affected devices worldwide is not available. Details about real-world incidents where this issue was exploited are not provided. The issue involves the cscfg csdev lock and the cscfg remove owned csdev configs() function. To exploit this issue, an attacker would need to take advantage of the race condition between the iteration of config csdev list and the removal of configurations.

Recommendations: To resolve this issue, hold the cscfg csdev lock while removing configurations from csdev to prevent the race condition. As a temporary workaround, consider restricting access to the coresight configuration to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.