#VU111605 Improper locking in Linux kernel - CVE-2025-38005

Cybersecurity Help s.r.o.

Published: 2025-06-20

Vulnerability identifier: #VU111605

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38005

CWE-ID: CWE-667

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the udma_check_tx_completion() function in drivers/dma/ti/k3-udma.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's repository.

Vulnerable software versions

Linux kernel: All versions

External links
https://git.kernel.org/stable/c/0ea0433f822ed0549715f7044c9cd1cf132ff7fa
https://git.kernel.org/stable/c/26e63b2fe30c61bd25981c6084f67a8af79945d0
https://git.kernel.org/stable/c/27e71fa08711e09d81e06a54007b362a5426fd22
https://git.kernel.org/stable/c/99df1edf17493cb49a8c01f6bde55c3abb6a2a6c
https://git.kernel.org/stable/c/d87f1cddc592387359fde157cc4296556f6403c2
https://git.kernel.org/stable/c/df5987e76a4ae4cbd705d81ab4b15ed232250a4a
https://git.kernel.org/stable/c/fca280992af8c2fbd511bc43f65abb4a17363f2f

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Improper locking in Linux kernel dma ti driver