Concurrency Race Condition in Linux Kernel's UART Driver
CVE-2025-38262
What is CVE-2025-38262?
A race condition in the Linux kernel's UART driver can occur when multiple UART device instances are probed at the same time. One thread calls the uart_register_driver function, which allocates memory for 'uart_state', while another instance can bypass the registration process. The second instance then calls uart_add_one_port, which hits a null pointer dereference and results in a kernel panic. To mitigate this issue, it's recommended to move the UART driver registration into the init function, ensuring that the driver is fully initialized before any probing takes place.
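The interleaving described above, replayed deterministically in a userspace C model. This is an added example, not kernel code or the upstream patch; every name in it (model_driver, late_init, probe_lazy and the rest) is hypothetical, and late_init is an assumed stand-in for whatever registration sets up after 'uart_state'.

```c
#include <stdio.h>
#include <stdlib.h>

/* Userspace model only; all names are hypothetical, not kernel symbols. */
struct model_driver {
    void *state;     /* allocated first during registration ('uart_state') */
    void *late_init; /* assumed stand-in for what registration sets up afterwards */
};

/* Registration is split in two steps so another probe can be interleaved. */
static int register_step1(struct model_driver *d) { d->state = calloc(1, 16); return d->state ? 0 : -1; }
static void register_step2(struct model_driver *d) { static int token; d->late_init = &token; }
static void unregister(struct model_driver *d) { free(d->state); d->state = NULL; d->late_init = NULL; }

/* Stand-in for uart_add_one_port: needs a fully registered driver.
 * Returns -1 at the point where the kernel would dereference NULL. */
static int model_add_one_port(const struct model_driver *d) { return d->late_init ? 0 : -1; }

/* Racy pattern: probe registers lazily and treats 'state' as "already registered". */
static int probe_lazy(struct model_driver *d)
{
    if (!d->state) {
        if (register_step1(d)) return -2;
        register_step2(d);
    }
    return model_add_one_port(d);
}

/* Instance A is between step 1 and step 2 when instance B probes. */
int racy_interleaving(void)
{
    struct model_driver d = {0};
    if (register_step1(&d)) return -2; /* A: 'state' allocated, rest pending */
    int b = probe_lazy(&d);            /* B: sees state != NULL, skips registration */
    register_step2(&d);                /* A: finishes too late for B */
    unregister(&d);
    return b;
}

/* Mitigation pattern: registration completes in init, probes only add ports. */
int init_then_probe(void)
{
    struct model_driver d = {0};
    if (register_step1(&d)) return -2;
    register_step2(&d);                /* init: driver fully registered */
    int a = model_add_one_port(&d), b = model_add_one_port(&d);
    unregister(&d);
    return (a == 0 && b == 0) ? 0 : -1;
}

int main(void) { printf("racy=%d fixed=%d\n", racy_interleaving(), init_then_probe()); return 0; }
```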
Affected Version(s)
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 6db06aaea07bb7c8e33a425cf7b98bf29ee6056e
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 8e958d10dd0ce5ae674cce460db5c9ca3f25243b
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 685d29f2c5057b32c7b1b46f2a7d303b926c8f72