CVE-2025-38717

MEDIUM

Linux Kernel 4.6-6.12.42, 6.13.0-6.15.10, 6.16.0-6.16.1 - Race Condition in kcm_unattach

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: net: kcm: Fix race condition in kcm_unattach() syzbot found a race condition when kcm_unattach(psock) and kcm_release(kcm) are executed at the same time. kcm_unattach() is missing a check of the flag kcm->tx_stopped before calling queue_work(). If the kcm has a reserved psock, kcm_unattach() might get executed between cancel_work_sync() and unreserve_psock() in kcm_release(), requeuing kcm->tx_work right before kcm gets freed in kcm_done(). Remove kcm->tx_stopped and replace it by the less error-prone disable_work_sync().

References (4)

Core 4

Core References

Patch

https://git.kernel.org/stable/c/c0bffbc92a1ca3960fb9cdb8e9f75a68468eb308

Patch

https://git.kernel.org/stable/c/7275dc3bb8f91b23125ff3f47b6529935cf46152

Patch

https://git.kernel.org/stable/c/798733ee5d5788b12e8a52db1519abc17e826f69

Patch

https://git.kernel.org/stable/c/52565a935213cd6a8662ddb8efe5b4219343a25d

Scores

CVSS v3 4.7

EPSS 0.0010

EPSS Percentile 1.1%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-362

Status published

Products (15)

linux/Kernel 4.6.0 - 6.12.43linux

linux/Kernel 6.13.0 - 6.15.11linux

linux/Kernel 6.16.0 - 6.16.2linux

Linux/Linux < 4.6

Linux/Linux 4.6

Linux/Linux 6.12.43 - 6.12.*

Linux/Linux 6.15.11 - 6.15.*

Linux/Linux 6.16.2 - 6.16.*

Linux/Linux 6.17

Linux/Linux ab7ac4eb9832e32a09f4e8042705484d2fb0aad3 - 52565a935213cd6a8662ddb8efe5b4219343a25d

... and 5 more

Published Sep 04, 2025

Tracked Since Feb 18, 2026