PT-2025-30862 · Linux+5 · Linux Kernel+5

Published

2025-01-01

·

Updated

2026-04-20

·

CVE-2025-38448

CVSS v2.0

4.9

Medium

VectorAV:L/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description A race condition exists when gs start io() calls either gs start rx() or gs start tx(), as these functions briefly release the port lock for usb ep queue(). This allows gs close() and gserial disconnect() to clear port.tty and port usb, respectively. The issue is addressed by utilizing a null-safe TTY Port helper function to wake up the TTY. The race condition occurs when CPU1 executes gserial connect() and CPU2 executes gs close() concurrently, potentially leading to a null pointer exception (NPE).
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Race Condition

Weakness Enumeration

CWE-362

Related Identifiers

AZL-65690
BDU:2025-09187
CVE-2025-38448
DLA-4327-1
DLA-4328-1
DSA-5973-1
DSA-5975-1
ECHO-3FAE-8B0F-D163
MGASA-2025-0218
MGASA-2025-0219
OPENSUSE-SU-2025:20081-1
SUSE-SU-2025:02853-1
SUSE-SU-2025:02923-1
SUSE-SU-2025:02969-1
SUSE-SU-2025:02996-1
SUSE-SU-2025:02997-1
SUSE-SU-2025:03011-1
SUSE-SU-2025:03023-1
SUSE-SU-2025:20577-1
SUSE-SU-2025:20586-1
SUSE-SU-2025:20601-1
SUSE-SU-2025:20602-1
SUSE-SU-2025:21074-1
SUSE-SU-2025:21139-1
SUSE-SU-2025:21179-1
SUSE-SU-2025_02853-1
SUSE-SU-2025_02969-1
SUSE-SU-2025_02996-1
SUSE-SU-2025_02997-1
SUSE-SU-2025_03011-1
SUSE-SU-2025_03023-1
USN-7774-1
USN-7774-2
USN-7774-3
USN-7774-4
USN-7774-5
USN-7775-1
USN-7775-2
USN-7775-3
USN-7776-1
USN-7879-1
USN-7879-2
USN-7879-3
USN-7879-4
USN-7880-1
USN-7934-1
USN-8028-1
USN-8028-2
USN-8028-3
USN-8028-4
USN-8028-5
USN-8028-6
USN-8028-7
USN-8028-8
USN-8031-1
USN-8031-2
USN-8031-3
USN-8052-1
USN-8052-2
USN-8074-1
USN-8074-2
USN-8126-1

Affected Products

Debian
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu