PT-2025-34394 · Linux+5 · Linux Kernel+5

Published

2025-07-08

·

Updated

2026-04-20

·

CVE-2025-38632

CVSS v3.1

4.7

Medium

VectorAV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)
Description: A race condition in the pinmux functionality can lead to a NULL pointer dereference. This occurs due to improper handling of mux usecount and mux owner updates when multiple processes access the same GPIO pin concurrently. Specifically, the issue arises from interleaving operations in pin request() and pin free() functions, where mux owner can be set to NULL while mux usecount is still greater than zero, potentially causing a crash on subsequent requests for the same pin. The root cause is non-atomic updates to mux usecount and mux owner.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

NULL Pointer Dereference

Race Condition

Weakness Enumeration

CWE-476CWE-362

Related Identifiers

BDU:2025-15783
CVE-2025-38632
MGASA-2025-0234
MGASA-2025-0235
OESA-2025-2118
OESA-2025-2119
OESA-2025-2120
OESA-2025-2121
OESA-2025-2122
OPENSUSE-SU-2025:20081-1
SUSE-SU-2025:03272-1
SUSE-SU-2025:03290-1
SUSE-SU-2025:03301-1
SUSE-SU-2025:03382-1
SUSE-SU-2025:03602-1
SUSE-SU-2025:03614-1
SUSE-SU-2025:03633-1
SUSE-SU-2025:03634-1
SUSE-SU-2025:20653-1
SUSE-SU-2025:20669-1
SUSE-SU-2025:20739-1
SUSE-SU-2025:20756-1
SUSE-SU-2025:21074-1
SUSE-SU-2025:21139-1
SUSE-SU-2025:21179-1
SUSE-SU-2025_03272-1
SUSE-SU-2025_03290-1
SUSE-SU-2025_03301-1
SUSE-SU-2025_03382-1
USN-7879-1
USN-7879-2
USN-7879-3
USN-7879-4
USN-7880-1
USN-7934-1
USN-8028-1
USN-8028-2
USN-8028-3
USN-8028-4
USN-8028-5
USN-8028-6
USN-8028-7
USN-8028-8
USN-8031-1
USN-8031-2
USN-8031-3
USN-8052-1
USN-8052-2
USN-8074-1
USN-8074-2
USN-8126-1

Affected Products

Astra Linux
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu