NULL Dereference Vulnerability in Linux Kernel Configfs Component

CVE-2025-38210

What is CVE-2025-38210?

A NULL dereference vulnerability exists in the Linux kernel's configfs component, specifically related to the configfs-tsm-report mechanism. This vulnerability arises when the kernel loses the ability to manage the lifecycle of configfs objects due to improper handling of the tsm_ops registration state. If the tsm_unregister operation is called, subsequent accesses to established config-items may experience failures. While certain operations are designed to handle unregistered tsm_ops safely, other functions do not consistently verify the registration, which could lead to system instability. Administrators must ensure proper deletion of lingering config-items to maintain system integrity, especially during driver unbinding procedures. Coordinated management of these tasks is essential to prevent operational disruptions.

References