Race Condition Vulnerability in Linux Kernel Affecting Buffer Write Operations
CVE-2025-38429

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 25 July 2025

What is CVE-2025-38429?

A race condition vulnerability in the Linux kernel exists in the mhi_ep_ring_add_element function, where the read pointer is updated before the buffer is fully written. This premature update can allow the host to interact with an uninitialized or incomplete element, leading to potential data corruption and unintended behavior. To mitigate this issue, it is essential to invoke the buffer write operation before updating the read pointer. This ensures that the element is entirely written before it is made available for access.

Affected Version(s)

Linux bbdcba57a1a26a4439a4f4ecdbfaf80a10fd8f34 < 44b9620e82bbec2b9a6ac77f63913636d84f96dc

Linux bbdcba57a1a26a4439a4f4ecdbfaf80a10fd8f34

Linux bbdcba57a1a26a4439a4f4ecdbfaf80a10fd8f34 < 0007ef098dab48f1ba58364c40b4809f1e21b130

References

https://git.kernel.org/stable/c/44b9620e82bbec2b9a6ac77f6...

https://git.kernel.org/stable/c/f704a80d9fa268e51a6cc5242...

https://git.kernel.org/stable/c/0007ef098dab48f1ba58364c4...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 25, 2025
Vulnerability Reserved
Apr 16, 2025