Race Condition in Linux Kernel Pin Multiplexer Affects Multiple Processes
CVE-2025-38632

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 22 August 2025

What is CVE-2025-38632?

A race condition exists in the Linux kernel's pin multiplexer (pinmux) implementation, where simultaneous GPIO requests from different processes can lead to an inconsistent state. This flaw arises from the improper handling of the mux_usecount and mux_owner variables. Specifically, while one process may be decrementing the mux_usecount, another process can erroneously set the mux_owner to NULL. This race scenario can ultimately result in a NULL pointer dereference on subsequent requests, undermining the stability of the system. Proper atomic handling of the mutex locks is required to ensure that the mux_usecount and mux_owner are correctly updated to preserve integrity and prevent access violations.

Affected Version(s)

Linux 2da32aed4a97ca1d70fb8b77926f72f30ce5fb4b < 9b2a3e7189028aa7c4d53a84364f2ea9fb209787

Linux c11e2ec9a780f54982a187ee10ffd1b810715c85 < 9ea3f6b9a67be3476e331ce51cac316c2614a564

Linux 5a3e85c3c397c781393ea5fb2f45b1f60f8a4e6e

References

https://git.kernel.org/stable/c/9b2a3e7189028aa7c4d53a843...

https://git.kernel.org/stable/c/9ea3f6b9a67be3476e331ce51...

https://git.kernel.org/stable/c/b7bd6e3971eb7f0e34d2fdce1...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 22, 2025
Vulnerability Reserved
Apr 16, 2025