Race Condition Vulnerability in Linux Kernel ATM Component
CVE-2025-38245

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 9 July 2025

What is CVE-2025-38245?

A race condition has been identified in the Linux kernel’s ATM subsystem. This occurs during the deregistration of devices in the atm_dev_deregister() function. Specifically, the mutex is released after removing the device, which can result in a brief period where the device is no longer on the device list, but related procfs/sysfs entries remain active. If a device is being added during this window, it may lead to warnings or failures due to duplicate registrations. To mitigate this issue, the mutex should be held until all procfs/sysfs entries are completely removed.

Affected Version(s)

Linux 64bf69ddff7637b7ed7acf9b2a823cc0ee519439

References

https://git.kernel.org/stable/c/b2e40fcfe1575faaa548f8761...

https://git.kernel.org/stable/c/cabed6ba92a9a8c09da02a3f2...

https://git.kernel.org/stable/c/ae539d963a17443ec54cba8a7...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 9, 2025
Vulnerability Reserved
Apr 16, 2025