CVE Vulnerability Details :
CVE-2025-38003
PUBLISHED
Assigner: Linux
Assigner Org ID: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Published At: 08 Jun, 2025 | 10:34
Updated At: 03 Nov, 2025 | 17:33
▼CVE Numbering Authority (CNA)
can: bcm: add missing rcu read protection for procfs content

In the Linux kernel, the following vulnerability has been resolved:

can: bcm: add missing rcu read protection for procfs content

When the procfs content is generated for a bcm_op which is in the process to be removed the procfs output might show unreliable data (UAF).

As the removal of bcm_op's is already implemented with rcu handling this patch adds the missing rcu_read_lock() and makes sure the list entries are properly removed under rcu protection.

Affected Products
Vendor
Linux Kernel Organization, Inc (Linux)
Product
Linux
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Program Files
  • net/can/bcm.c
Default Status
unaffected
Versions
Affected
  • From 5b48f5711f1c630841ab78dcc061de902f0e37bf before 19f553a1ddf260da6570ed8f8d91a8c87f49b63a (git)
  • From 85cd41070df992d3c0dfd828866fdd243d3b774a before 659701c0b954ccdb4a916a4ad59bbc16e726d42c (git)
  • From f34f2a18e47b73e48f90a757e1f4aaa8c7d665a1 before 0622846db728a5332b917c797c733e202c4620ae (git)
  • From f1b4e32aca0811aa011c76e5d6cf2fa19224b386 before 6d7d458c41b98a5c1670cbd36f2923c37de51cf5 (git)
  • From f1b4e32aca0811aa011c76e5d6cf2fa19224b386 before 1f912f8484e9c4396378c39460bbea0af681f319 (git)
  • From f1b4e32aca0811aa011c76e5d6cf2fa19224b386 before 63567ecd99a24495208dc860d50fb17440043006 (git)
  • From f1b4e32aca0811aa011c76e5d6cf2fa19224b386 before 7c9db92d5f0eadca30884af75c53d601edc512ee (git)
  • From f1b4e32aca0811aa011c76e5d6cf2fa19224b386 before dac5e6249159ac255dad9781793dbe5908ac9ddb (git)
  • fbac09a3b8890003c0c55294c00709f3ae5501bb (git)
  • edb4baffb9483141a50fb7f7146cfe4a4c0c2db8 (git)
Vendor
Linux Kernel Organization, Inc (Linux)
Product
Linux
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Program Files
  • net/can/bcm.c
Default Status
affected
Versions
Affected
  • 5.19
Unaffected
  • From 0 before 5.19 (semver)
  • From 5.4.294 through 5.4.* (semver)
  • From 5.10.238 through 5.10.* (semver)
  • From 5.15.185 through 5.15.* (semver)
  • From 6.1.141 through 6.1.* (semver)
  • From 6.6.93 through 6.6.* (semver)
  • From 6.12.31 through 6.12.* (semver)
  • From 6.14.9 through 6.14.* (semver)
  • From 6.15 through * (original_commit_for_fix)
References
  • https://git.kernel.org/stable/c/19f553a1ddf260da6570ed8f8d91a8c87f49b63a
  • https://git.kernel.org/stable/c/659701c0b954ccdb4a916a4ad59bbc16e726d42c
  • https://git.kernel.org/stable/c/0622846db728a5332b917c797c733e202c4620ae
  • https://git.kernel.org/stable/c/6d7d458c41b98a5c1670cbd36f2923c37de51cf5
  • https://git.kernel.org/stable/c/1f912f8484e9c4396378c39460bbea0af681f319
  • https://git.kernel.org/stable/c/63567ecd99a24495208dc860d50fb17440043006
  • https://git.kernel.org/stable/c/7c9db92d5f0eadca30884af75c53d601edc512ee
  • https://git.kernel.org/stable/c/dac5e6249159ac255dad9781793dbe5908ac9ddb
▼Authorized Data Publishers (ADP)
CVE Program Container
References
  • https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
  • https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html