CVE-2025-38448

usb: gadget: u_serial: Fix race condition in TTY wakeup

Description

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: u_serial: Fix race condition in TTY wakeup A race condition occurs when gs_start_io() calls either gs_start_rx() or gs_start_tx(), as those functions briefly drop the port_lock for usb_ep_queue(). This allows gs_close() and gserial_disconnect() to clear port.tty and port_usb, respectively. Use the null-safe TTY Port helper function to wake up TTY. Example CPU1: CPU2: gserial_connect() // lock gs_close() // await lock gs_start_rx() // unlock usb_ep_queue() gs_close() // lock, reset port.tty and unlock gs_start_rx() // lock tty_wakeup() // NPE

N/A
CVSS
Severity:
EPSS 0.02%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/18d58a467ccf011078352d91b4d6a0108c7318e8
https://git.kernel.org/stable/c/d43657b59f36e88289a6066f15bc9a80df5014eb
https://git.kernel.org/stable/c/a5012673d49788f16bb4e375b002d7743eb642d9
https://git.kernel.org/stable/c/ee8d688e2ba558f3bb8ac225113740be5f335417
https://git.kernel.org/stable/c/c6eb4a05af3d0ba3bc4e8159287722fb9abc6359
https://git.kernel.org/stable/c/abf3620cba68e0e51e5c21054ce4f925f75b3661
https://git.kernel.org/stable/c/c8c80a3a35c2e3488409de2d5376ef7e662a2bf5
https://git.kernel.org/stable/c/c529c3730bd09115684644e26bf01ecbd7e2c2c9

Frequently Asked Questions

What is the severity of CVE-2025-38448?
CVE-2025-38448 has not yet been assigned a CVSS score.
How to fix CVE-2025-38448?
To fix CVE-2025-38448, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2025-38448 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2025-38448 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2025-38448?
CVE-2025-38448 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.