Concurrence Race Condition in Linux Kernel's UART Driver
CVE-2025-38262

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 9 July 2025

What is CVE-2025-38262?

A race condition vulnerability in the Linux kernel's UART driver can occur during the probing of multiple instances of UART devices. This leads to one thread calling the uart_register_driver function, which allocates memory for 'uart_state', while another instance can bypass the registration process. This causes a null pointer dereference during a call to uart_add_one_port, resulting in a kernel panic. To mitigate this issue, it's recommended to move the uart driver registration into the init function, ensuring that the driver is fully initialized before any probing takes place.

Affected Version(s)

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 6db06aaea07bb7c8e33a425cf7b98bf29ee6056e

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 8e958d10dd0ce5ae674cce460db5c9ca3f25243b

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 685d29f2c5057b32c7b1b46f2a7d303b926c8f72

References

https://git.kernel.org/stable/c/6db06aaea07bb7c8e33a425cf...

https://git.kernel.org/stable/c/8e958d10dd0ce5ae674cce460...

https://git.kernel.org/stable/c/685d29f2c5057b32c7b1b46f2...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 9, 2025
Vulnerability Reserved
Apr 16, 2025