#VU112229 Improper locking in Linux kernel - CVE-2025-38119


Vulnerability identifier: #VU112229

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38119

CWE-ID: CWE-667

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ufshcd_err_handler() function in drivers/ufs/core/ufshcd.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's repository.

Vulnerable software versions

Linux kernel: All versions

External links
https://git.kernel.org/stable/c/21f071261f946c5ca1adf378f818082a112b34d2
https://git.kernel.org/stable/c/3464a707d137efc8aea1d4ae234d26a28d82b78c
https://git.kernel.org/stable/c/8a3514d348de87a9d5e2ac00fbac4faae0b97996
https://git.kernel.org/stable/c/bb37f795d01961286b8f768a6d7152f32b589067
https://git.kernel.org/stable/c/ded80255c59a57cd3270d98461f6508730f9767c
https://git.kernel.org/stable/c/f592eb12b43f21dbc972cbe583a12d256901e569

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?


Latest bulletins with this vulnerability


Anolis OS update for kernel:6.6
SUSE update for the Linux Kernel
SUSE update for the Linux Kernel
SUSE update for the Linux Kernel
SUSE update for the Linux Kernel
SUSE update for the Linux Kernel
SUSE update for the Linux Kernel
Ubuntu update for linux-raspi
Ubuntu update for linux-nvidia-tegra-igx
Ubuntu update for linux-kvm