Description

In the Linux kernel, the following vulnerability has been resolved: net: kcm: Fix race condition in kcm_unattach() syzbot found a race condition when kcm_unattach(psock) and kcm_release(kcm) are executed at the same time. kcm_unattach() is missing a check of the flag kcm->tx_stopped before calling queue_work(). If the kcm has a reserved psock, kcm_unattach() might get executed between cancel_work_sync() and unreserve_psock() in kcm_release(), requeuing kcm->tx_work right before kcm gets freed in kcm_done(). Remove kcm->tx_stopped and replace it by the less error-prone disable_work_sync().

INFO

Published Date :

2025-09-04T15:33:11.686Z

Last Modified :

2025-09-29T05:56:40.882Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2025-38717 vulnerability.

Vendors Products
Linux
  • Linux Kernel
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-38717.

URL Resource
https://git.kernel.org/stable/c/52565a935213cd6a8662ddb8efe5b4219343a25d cve-icon cve-icon
https://git.kernel.org/stable/c/7275dc3bb8f91b23125ff3f47b6529935cf46152 cve-icon cve-icon
https://git.kernel.org/stable/c/798733ee5d5788b12e8a52db1519abc17e826f69 cve-icon cve-icon
https://git.kernel.org/stable/c/c0bffbc92a1ca3960fb9cdb8e9f75a68468eb308 cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2025090459-CVE-2025-38717-fbf6@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-38717 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-38717 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact