Dirk Behme

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified) Description: The issue is related to a race condition in the Linux kernel, specifically between the `really probe()` and `dev uevent()` functions. This race condition can occur when these functions run in different threads, leading to a potential system crash. The problem arises when `dev->driver` is set to `NULL` in `really probe()` and then accessed in `dev uevent()` after the check, causing the system to crash. The fix involves adding a lock to the non-protected path to prevent this race condition. Similar cases have been reported by syzkaller, but they are considered false-positives as they relate to the initialization of `dev->driver`. The same issue was previously reported and attempted to be fixed in 2015. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.