Main Vulnerability Database SB2025072763

SB2025072763 - Improper locking in Linux kernel tee optee driver

Published: July 27, 2025

Security Bulletin ID SB2025072763

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Improper locking (CVE-ID: CVE-2025-38374)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the optee_ffa_exchange_caps(), optee_ffa_remove() and optee_ffa_async_notif_init() functions in drivers/tee/optee/ffa_abi.c. A local user can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

https://git.kernel.org/stable/c/312d02adb959ea199372f375ada06e0186f651e4
https://git.kernel.org/stable/c/5f28563f0c6862c99eb115c918421d9b73f137ad
https://git.kernel.org/stable/c/f27cf15783bd60063c6c97434cbd67ebd91d8db5