PT-2025-27985 · Linux+5 · Linux Kernel+5

Published

2025-04-30

·

Updated

2026-04-20

·

CVE-2025-38210

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)
Description: A NULL dereference of tsm ops in the configfs-tsm-report mechanism has been fixed. The issue arises because the lifetime of configfs objects is controlled by userspace, and there is no mechanism for the kernel to find and delete all created config-items. The configfs-tsm-report mechanism expects that tsm unregister() can happen at any time, causing established config-item access to start failing. However, some functions, such as tsm report privlevel store() and tsm report provider show(), failed to check for ops registration, leading to potential issues. The fix adds missing checks for tsm ops having been removed.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Resource Release

NULL Pointer Dereference

Weakness Enumeration

CWE-404CWE-476

Related Identifiers

BDU:2025-15461
CVE-2025-38210
OESA-2025-1926
OESA-2025-1927
OESA-2025-1928
SUSE-SU-2025:02853-1
SUSE-SU-2025:02923-1
SUSE-SU-2025:02969-1
SUSE-SU-2025:02996-1
SUSE-SU-2025:02997-1
SUSE-SU-2025:03011-1
SUSE-SU-2025:03023-1
SUSE-SU-2025:20577-1
SUSE-SU-2025:20586-1
SUSE-SU-2025:20601-1
SUSE-SU-2025:20602-1
SUSE-SU-2025_02853-1
SUSE-SU-2025_02969-1
SUSE-SU-2025_02996-1
SUSE-SU-2025_02997-1
SUSE-SU-2025_03011-1
SUSE-SU-2025_03023-1
USN-7833-1
USN-7833-2
USN-7833-3
USN-7833-4
USN-7834-1
USN-7856-1
USN-8028-1
USN-8028-2
USN-8028-3
USN-8028-4
USN-8028-5
USN-8028-6
USN-8028-7
USN-8028-8
USN-8031-1
USN-8031-2
USN-8031-3
USN-8052-1
USN-8052-2
USN-8074-1
USN-8074-2
USN-8126-1

Affected Products

Astra Linux
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu