Linux Kernel Vulnerability in NFC NCI UART Driver
CVE-2025-38416

Currently unrated

Key Information:

Vendor

Linux
Status
Linux
Vendor
CVE Published:
25 July 2025

What is CVE-2025-38416?

A vulnerability in the Linux kernel's NFC framework affects the NCI UART driver, which mishandles the setting of tty->disc_data. By prematurely assigning tty->disc_data before a successful device opening, there exists a risk of the device sending data unintentionally during an error state. The code modification ensures that tty->disc_data is only set when the device has been successfully opened and the module has been properly acquired, mitigating the risk posed by broken hardware and ensuring cleaner error handling.

Affected Version(s)

Linux 9961127d4bce6325e9a0b0fb105e0c85a6c62cb7

Linux 9961127d4bce6325e9a0b0fb105e0c85a6c62cb7 < 000bfbc6bc334a93fffca8f5aa9583e7b6356cb5

Linux 9961127d4bce6325e9a0b0fb105e0c85a6c62cb7

References

https://git.kernel.org/stable/c/a514fca2b8e95838a3ba600f3...
https://git.kernel.org/stable/c/000bfbc6bc334a93fffca8f5a...
https://git.kernel.org/stable/c/ac6992f72bd8e22679c1e147a...

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2025-38416 : Linux Kernel Vulnerability in NFC NCI UART Driver