PT-2025-25815 · Linux+6 · Linux Kernel+6
Published: 2025-02-17 · Updated: 2026-05-26
CVE-2025-38040
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 6.13.0-rc7+
Description
A vulnerability in the Linux kernel has been resolved. The issue was observed on a SAMA5D27 platform using the atmel_serial driver, where a warning was emitted when trying to toggle flow control. The warning was due to disable_irq() possibly being called in atomic context. The vulnerability was caused by the atmel_serial driver using the serial_mctrl_gpio library to enable and disable IRQs.
Recommendations
For Linux kernel versions prior to 6.13.0-rc7+, update to a newer version to resolve the issue. As a temporary workaround, consider modifying the mctrl_gpio_disable_ms function to split it into non-blocking and blocking APIs, depending on whether the call is protected by some port lock. Restrict access to the mctrl_gpio_disable_ms function to minimize the risk of exploitation until a patch is available.
Improper Initialization
Weakness Enumeration
Related Identifiers
Affected Products
Astra Linux
Debian
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu