CVE-2025-38262 - Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved: tty: serial: uartlite: register uart driver in init When two instances of uart devices are probing, a concurrency race can occur. If one thread calls uart_register_driver function, which first allocates and assigns memory to 'uart_state' member of uart_driver structure, the other instance can bypass uart driver registration and call ulite_assign. This calls uart_add_one_port, which expects the uart driver to be fully initialized. This leads to a kernel panic due to a null pointer dereference: [ 8.143581] BUG: kernel NULL pointer dereference, address: 00000000000002b8 [ 8.156982] #PF: supervisor write access in kernel mode [ 8.156984] #PF: error_code(0x0002) - not-present page [ 8.156986] PGD 0 P4D 0 ... [ 8.180668] RIP: 0010:mutex_lock+0x19/0x30 [ 8.188624] Call Trace: [ 8.188629] ? __die_body.cold+0x1a/0x1f [ 8.195260] ? page_fault_oops+0x15c/0x290 [ 8.209183] ? __irq_resolve_mapping+0x47/0x80 [ 8.209187] ? exc_page_fault+0x64/0x140 [ 8.209190] ? asm_exc_page_fault+0x22/0x30 [ 8.209196] ? mutex_lock+0x19/0x30 [ 8.223116] uart_add_one_port+0x60/0x440 [ 8.223122] ? proc_tty_register_driver+0x43/0x50 [ 8.223126] ? tty_register_driver+0x1ca/0x1e0 [ 8.246250] ulite_probe+0x357/0x4b0 [uartlite] To prevent it, move uart driver registration in to init function. This will ensure that uart_driver is always registered when probe function is called.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux	Linux Kernel

No data.

References

Link	Providers
https://git.kernel.org/stable/c/5015eed450005bab6e5cb6810f7a62eab0434fc4
https://git.kernel.org/stable/c/685d29f2c5057b32c7b1b46f2a7d303b926c8f72
https://git.kernel.org/stable/c/6bd697b5fc39fd24e2aa418c7b7d14469f550a93
https://git.kernel.org/stable/c/6db06aaea07bb7c8e33a425cf7b98bf29ee6056e
https://git.kernel.org/stable/c/8e958d10dd0ce5ae674cce460db5c9ca3f25243b
https://git.kernel.org/stable/c/9c905fdbba68a6d73d39a6b7de9b9f0d6c46df87
https://git.kernel.org/stable/c/f5e4229d94792b40e750f30c92bcf7a3107c72ef
https://lore.kernel.org/linux-cve-announce/2025070936-CVE-2025-38262-419f@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2025-38262
https://www.cve.org/CVERecord?id=CVE-2025-38262

History

Thu, 17 Jul 2025 17:15:00 +0000

Type	Values Removed	Values Added
References		https://git.kernel.org/stable/c/5015eed450005bab6e5cb6810f7a62eab0434fc4

Tue, 15 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.00024}`	epss `{'score': 0.00032}`

Fri, 11 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.00018}`	epss `{'score': 0.00024}`

Thu, 10 Jul 2025 14:30:00 +0000

Type	Values Removed	Values Added
References		https://git.kernel.org/stable/c/9c905fdbba68a6d73d39a6b7de9b9f0d6c46df87

Thu, 10 Jul 2025 00:45:00 +0000

Type	Values Removed	Values Added
References		https://lore.kernel.org/linux-cve-announce/2025070936-CVE-2025-38262-419f@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2025-38262 https://www.cve.org/CVERecord?id=CVE-2025-38262
Metrics	threat_severity `None`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}` threat_severity `Moderate`

Wed, 09 Jul 2025 10:45:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: tty: serial: uartlite: register uart driver in init When two instances of uart devices are probing, a concurrency race can occur. If one thread calls uart_register_driver function, which first allocates and assigns memory to 'uart_state' member of uart_driver structure, the other instance can bypass uart driver registration and call ulite_assign. This calls uart_add_one_port, which expects the uart driver to be fully initialized. This leads to a kernel panic due to a null pointer dereference: [ 8.143581] BUG: kernel NULL pointer dereference, address: 00000000000002b8 [ 8.156982] #PF: supervisor write access in kernel mode [ 8.156984] #PF: error_code(0x0002) - not-present page [ 8.156986] PGD 0 P4D 0 ... [ 8.180668] RIP: 0010:mutex_lock+0x19/0x30 [ 8.188624] Call Trace: [ 8.188629] ? __die_body.cold+0x1a/0x1f [ 8.195260] ? page_fault_oops+0x15c/0x290 [ 8.209183] ? __irq_resolve_mapping+0x47/0x80 [ 8.209187] ? exc_page_fault+0x64/0x140 [ 8.209190] ? asm_exc_page_fault+0x22/0x30 [ 8.209196] ? mutex_lock+0x19/0x30 [ 8.223116] uart_add_one_port+0x60/0x440 [ 8.223122] ? proc_tty_register_driver+0x43/0x50 [ 8.223126] ? tty_register_driver+0x1ca/0x1e0 [ 8.246250] ulite_probe+0x357/0x4b0 [uartlite] To prevent it, move uart driver registration in to init function. This will ensure that uart_driver is always registered when probe function is called.
Title		tty: serial: uartlite: register uart driver in init
References		https://git.kernel.org/stable/c/685d29f2c5057b32c7b1b46f2a7d303b926c8f72 https://git.kernel.org/stable/c/6bd697b5fc39fd24e2aa418c7b7d14469f550a93 https://git.kernel.org/stable/c/6db06aaea07bb7c8e33a425cf7b98bf29ee6056e https://git.kernel.org/stable/c/8e958d10dd0ce5ae674cce460db5c9ca3f25243b https://git.kernel.org/stable/c/f5e4229d94792b40e750f30c92bcf7a3107c72ef

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2025-07-09T10:42:37.410Z

Updated: 2025-07-17T16:55:47.719Z

Reserved: 2025-04-16T04:51:23.997Z

Link: CVE-2025-38262

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2025-07-09T11:15:28.570

Modified: 2025-07-17T17:15:39.130

Link: CVE-2025-38262

Redhat

Severity : Moderate

Publid Date: 2025-07-09T00:00:00Z

Links: CVE-2025-38262 - Bugzilla

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object