PT-2025-27717 · Linux+6 · Linux Kernel+6

Published

2025-05-14

·

Updated

2026-04-20

·

CVE-2025-38131

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)
Description: A vulnerability in the Linux kernel has been resolved, related to the coresight subsystem. The issue allowed for a potential use-after-free (UAF) scenario when deactivating an active configuration while enabling it via the sysfs interface. This could occur when one CPU enables an active configuration and another CPU deactivates it, leading to a situation where a freed configuration descriptor is accessed. The vulnerability is addressed by using a reference count to track the active configuration, holding it when the configuration is activated or enabled, and putting the module reference when the active count reaches zero.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Use After Free

Weakness Enumeration

CWE-416

Related Identifiers

AZL-64538
BDU:2025-09615
CVE-2025-38131
DLA-4328-1
DSA-5973-1
ECHO-D074-DC30-A3C9
MGASA-2025-0218
MGASA-2025-0219
SUSE-SU-2025:02853-1
SUSE-SU-2025:02923-1
SUSE-SU-2025:02969-1
SUSE-SU-2025:02996-1
SUSE-SU-2025:02997-1
SUSE-SU-2025:03011-1
SUSE-SU-2025:03023-1
SUSE-SU-2025:20577-1
SUSE-SU-2025:20586-1
SUSE-SU-2025:20601-1
SUSE-SU-2025:20602-1
SUSE-SU-2025_02853-1
SUSE-SU-2025_02969-1
SUSE-SU-2025_02996-1
SUSE-SU-2025_02997-1
SUSE-SU-2025_03011-1
SUSE-SU-2025_03023-1
USN-7769-1
USN-7769-2
USN-7769-3
USN-7770-1
USN-7771-1
USN-7789-1
USN-7789-2
USN-8028-1
USN-8028-2
USN-8028-3
USN-8028-4
USN-8028-5
USN-8028-6
USN-8028-7
USN-8028-8
USN-8031-1
USN-8031-2
USN-8031-3
USN-8052-1
USN-8052-2
USN-8074-1
USN-8074-2
USN-8126-1

Affected Products

Astra Linux
Debian
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu