Description

In the Linux kernel, the following vulnerability has been resolved: proc: use the same treatment to check proc_lseek as ones for proc_read_iter et.al Check pde->proc_ops->proc_lseek directly may cause UAF in rmmod scenario. It's a gap in proc_reg_open() after commit 654b33ada4ab("proc: fix UAF in proc_get_inode()"). Followed by AI Viro's suggestion, fix it in same manner.

INFO

Published Date :

2025-08-22T16:00:57.413Z

Last Modified :

2025-11-03T17:40:46.576Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2025-38653 vulnerability.

Vendors Products
Debian
  • Debian Linux
Linux
  • Linux Kernel
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-38653.

URL Resource
https://git.kernel.org/stable/c/1fccbfbae1dd36198dc47feac696563244ad81d3 cve-icon cve-icon
https://git.kernel.org/stable/c/33c778ea0bd0fa62ff590497e72562ff90f82b13 cve-icon cve-icon
https://git.kernel.org/stable/c/c35b0feb80b48720dfbbf4e33759c7be3faaebb6 cve-icon cve-icon
https://git.kernel.org/stable/c/d136502e04d8853a9aecb335d07bbefd7a1519a8 cve-icon cve-icon
https://git.kernel.org/stable/c/fc1072d934f687e1221d685cf1a49a5068318f34 cve-icon cve-icon
https://git.kernel.org/stable/c/ff7ec8dc1b646296f8d94c39339e8d3833d16c05 cve-icon cve-icon
https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html cve-icon
https://lore.kernel.org/linux-cve-announce/2025082238-CVE-2025-38653-35ba@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-38653 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-38653 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact