CVE-2025-38245
published 2025-07-09CVE-2025-38245: In the Linux kernel, the following vulnerability has been resolved: atm: Release atm_dev_mutex after removing procfs in atm_dev_deregister(). syzbot reported a…
high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
In the Linux kernel, the following vulnerability has been resolved:
atm: Release atm_dev_mutex after removing procfs in atm_dev_deregister().
syzbot reported a warning below during atm_dev_register(). [0]
Before creating a new device and procfs/sysfs for it, atm_dev_register()
looks up a duplicated device by __atm_dev_lookup(). These operations are
done under atm_dev_mutex.
However, when removing a device in atm_dev_deregister(), it releases the
mutex just after removing the device from the list that __atm_dev_lookup()
iterates over.
So, there will be a small race window where the device does not exist on
the device list but procfs/sysfs are still not removed, triggering the
splat.
Let's hold the mutex until procfs/sysfs are removed in
atm_dev_deregister().
[0]:
proc_dir_entry 'atm/atmtcp:0' already registered
WARNING: CPU: 0 PID: 5919 at fs/proc/generic.c:377 proc_register+0x455/0x5f0 fs/proc/generic.c:377
Modules linked in:
CPU: 0 UID: 0 PID: 5919 Comm: syz-executor284 Not tainted 6.16.0-rc2-syzkaller-00047-g52da431bf03b #0 PREEMPT(full)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
RIP: 0010:proc_register+0x455/0x5f0 fs/proc/generic.c:377
Code: 48 89 f9 48 c1 e9 03 80 3c 01 00 0f 85 a2 01 00 00 48 8b 44 24 10 48 c7 c7 20 c0 c2 8b 48 8b b0 d8 00 00 00 e8 0c 02 1c ff 90 0b 90 90 48 c7 c7 80 f2 82 8e e8 0b de 23 09 48 8b 4c 24 28 48
RSP: 0018:ffffc9000466fa30 EFLAGS: 00010282
RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff817ae248
RDX: ffff888026280000 RSI: ffffffff817ae255 RDI: 0000000000000001
RBP: ffff8880232bed48 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000001 R12: ffff888076ed2140
R13: dffffc0000000000 R14: ffff888078a61340 R15: ffffed100edda444
FS: 00007f38b3b0c6c0(0000) GS:ffff888124753000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f38b3bdf953 CR3: 0000000076d58000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 00
Affected
38 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | linux | < linux 6.1.147-1 (bookworm) | linux 6.1.147-1 (bookworm) |
| debian | linux-6.1 | < linux 6.1.147-1 (bookworm) | linux 6.1.147-1 (bookworm) |
| linux | linux | — | — |
| linux | linux | >= 64bf69ddff7637b7ed7acf9b2a823cc0ee519439 < 2a8dcee649d12f69713f2589171a1caf6d4fa439 | 2a8dcee649d12f69713f2589171a1caf6d4fa439 |
| linux | linux | >= 64bf69ddff7637b7ed7acf9b2a823cc0ee519439 < 4bb1bb438134d9ee6b97cc07289dd7c569092eec | 4bb1bb438134d9ee6b97cc07289dd7c569092eec |
| linux | linux | >= 64bf69ddff7637b7ed7acf9b2a823cc0ee519439 < 26248d5d68c865b888d632162abbf8130645622c | 26248d5d68c865b888d632162abbf8130645622c |
| linux | linux | >= 64bf69ddff7637b7ed7acf9b2a823cc0ee519439 < b2e40fcfe1575faaa548f87614006d3fe44c779e | b2e40fcfe1575faaa548f87614006d3fe44c779e |
| linux | linux | >= 64bf69ddff7637b7ed7acf9b2a823cc0ee519439 < cabed6ba92a9a8c09da02a3f20e32ecd80989896 | cabed6ba92a9a8c09da02a3f20e32ecd80989896 |
| linux | linux | >= 64bf69ddff7637b7ed7acf9b2a823cc0ee519439 < ae539d963a17443ec54cba8a767e4ffa318264f4 | ae539d963a17443ec54cba8a767e4ffa318264f4 |
| linux | linux | >= 64bf69ddff7637b7ed7acf9b2a823cc0ee519439 < 6922f1a048c090f10704bbef4a3a1e81932d2e0a | 6922f1a048c090f10704bbef4a3a1e81932d2e0a |
| linux | linux | >= 64bf69ddff7637b7ed7acf9b2a823cc0ee519439 < a433791aeaea6e84df709e0b9584b9bbe040cd1c | a433791aeaea6e84df709e0b9584b9bbe040cd1c |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | >= 0 < 5.10.244-1 | 5.10.244-1 |
| linux | linux_kernel | >= 0 < 6.1.147-1 | 6.1.147-1 |
| linux | linux_kernel | >= 0 < 6.12.37-1 | 6.12.37-1 |
| linux | linux_kernel | >= 0 < 6.12.37-1 | 6.12.37-1 |
| linux | linux_kernel | >= 0 < 5.15.0-156.166 | 5.15.0-156.166 |
| linux | linux_kernel | >= 0 < 6.8.0-100.100 | 6.8.0-100.100 |
| linux | linux_kernel | >= 2.6.16 < 5.4.296 | 5.4.296 |
| linux | linux_kernel | >= 5.11 < 5.15.187 | 5.15.187 |
| linux | linux_kernel | >= 5.16 < 6.1.143 | 6.1.143 |
| linux | linux_kernel | >= 5.5 < 5.10.240 | 5.10.240 |
| linux | linux_kernel | >= 6.13 < 6.15.5 | 6.15.5 |
CVSS provenance
nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
osv7.8HIGH