Race Condition Vulnerability in Linux Kernel Affects Dell Products
CVE-2025-21695

4.7 MEDIUM

Key Information:

Vendor: Linux
Status: Vendor
CVE Published: 12 February 2025

Summary

A race condition in the Linux kernel affects Dell devices because of incorrect ordering in the dell_uart_bl_serdev_probe() function. The function calls devm_serdev_device_open() before setting the client operations, which can lead to a NULL pointer dereference in the serdev controller's receive_buf handler, because the kernel assumes the client operations are valid once the SERPORT_ACTIVE state is set. To mitigate this issue, the client ops must be set before the device is opened, which prevents unintended behavior or system instability.
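
The ordering problem described above, as an added userspace model (not the kernel driver's code and not part of the original advisory). All struct, function and field names are hypothetical; the -1 return stands in for the NULL pointer dereference, and the pending byte is constructed input.

```c
/* Userspace model of the probe-ordering race; not kernel code.
 * Every identifier below is hypothetical. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

struct client_ops { size_t (*receive_buf)(const unsigned char *buf, size_t len); };

struct model_dev {
    const struct client_ops *ops; /* NULL until the driver sets it */
    bool active;                  /* stands in for SERPORT_ACTIVE */
    bool rx_pending;              /* constructed: a byte is already on the line */
};

static size_t count_rx(const unsigned char *buf, size_t len) { (void)buf; return len; }
static const struct client_ops bl_ops = { .receive_buf = count_rx };

/* Receive path: bytes consumed, or -1 where a handler that trusts
 * ops would have dereferenced NULL. */
static int controller_rx(struct model_dev *d, const unsigned char *buf, size_t len)
{
    if (!d->active) return 0;  /* port not open: nothing delivered */
    if (!d->ops) return -1;    /* models the NULL pointer dereference */
    return (int)d->ops->receive_buf(buf, len);
}

/* Opening sets the active flag; pending data is delivered at once. */
static int model_open(struct model_dev *d)
{
    static const unsigned char byte[] = { 0x00 }; /* constructed sample byte */
    d->active = true;
    return d->rx_pending ? controller_rx(d, byte, sizeof byte) : 0;
}

/* Flawed order: open first, set ops afterwards. */
static int probe_open_first(struct model_dev *d)
{ int rc = model_open(d); d->ops = &bl_ops; return rc; }

/* Corrected order: ops are valid before the port can become active. */
static int probe_ops_first(struct model_dev *d)
{ d->ops = &bl_ops; return model_open(d); }

int main(void)
{
    struct model_dev a = { NULL, false, true }, b = { NULL, false, true };
    printf("open first: %d\nops first:  %d\n", probe_open_first(&a), probe_ops_first(&b));
    return 0;
}
```

With no byte pending at open time, the flawed order also returns 0, which is why the defect only shows up as a timing-dependent race.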

Affected Version(s)

Linux 484bae9e4d6acb5eec39e1ea47f9aa43f11b154d

Linux 484bae9e4d6acb5eec39e1ea47f9aa43f11b154d < 1b2128aa2d45ab20b22548dcf4b48906298ca7fd

Linux 6.10

CVSS V3.1

Score: 4.7
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Local
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
