Main Vulnerability Database SB2025081830

SB2025081830 - Improper locking in Linux kernel trace events

Published: August 18, 2025

Security Bulletin ID SB2025081830

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Improper locking (CVE-ID: CVE-2025-38524)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the rxrpc_see_call() and release_sock() functions in net/rxrpc/recvmsg.c, within the rxrpc_discard_prealloc() function in net/rxrpc/call_accept.c. A local user can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

https://git.kernel.org/stable/c/6c75a97a32a5fa2060c3dd30207e63b6914b606d
https://git.kernel.org/stable/c/7692bde890061797f3dece0148d7859e85c55778
https://git.kernel.org/stable/c/839fe96c15209dc2255c064bb44b636efe04f032
https://git.kernel.org/stable/c/962fb1f651c2cf2083e0c3ef53ba69e3b96d3fbc