Description

In the Linux kernel, the following vulnerability has been resolved: io_uring/fdinfo: grab ctx->uring_lock around io_uring_show_fdinfo() Not everything requires locking in there, which is why the 'has_lock' variable exists. But enough does that it's a bit unwieldy to manage. Wrap the whole thing in a ->uring_lock trylock, and just return with no output if we fail to grab it. The existing trylock() will already have greatly diminished utility/output for the failure case. This fixes an issue with reading the SQE fields, if the ring is being actively resized at the same time.

INFO

Published Date :

2025-06-06T13:43:41.137Z

Last Modified :

2025-06-26T14:59:26.666Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2025-38002 vulnerability.

Vendors Products
Linux
  • Linux Kernel
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-38002.

URL Resource
https://git.kernel.org/stable/c/bdb7d2ec2e31c46c45d1f32667dfa8216a72705e cve-icon cve-icon
https://git.kernel.org/stable/c/d871198ee431d90f5308d53998c1ba1d5db5619a cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2025060644-CVE-2025-38002-5e89@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-38002 cve-icon
https://project-zero.issues.chromium.org/issues/417522668 cve-icon cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-38002 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact