{"id":"AZL-64538","summary":"CVE-2025-38131 affecting package kernel for versions less than 6.6.96.1-1","details":"In the Linux kernel, the following vulnerability has been resolved:\n\ncoresight: prevent deactivate active config while enabling the config\n\nWhile enable active config via cscfg_csdev_enable_active_config(),\nactive config could be deactivated via configfs' sysfs interface.\nThis could make UAF issue in below scenario:\n\nCPU0                                          CPU1\n(sysfs enable)                                load module\n                                              cscfg_load_config_sets()\n                                              activate config. // sysfs\n                                              (sys_active_cnt == 1)\n...\ncscfg_csdev_enable_active_config()\nlock(csdev-\u003ecscfg_csdev_lock)\n// here load config activate by CPU1\nunlock(csdev-\u003ecscfg_csdev_lock)\n\n                                              deactivate config // sysfs\n                                              (sys_activec_cnt == 0)\n                                              cscfg_unload_config_sets()\n                                              unload module\n\n// access to config_desc which freed\n// while unloading module.\ncscfg_csdev_enable_config\n\nTo address this, use cscfg_config_desc's active_cnt as a reference count\n which will be holded when\n    - activate the config.\n    - enable the activated config.\nand put the module reference when config_active_cnt == 0.","modified":"2026-04-01T05:20:21.088614Z","published":"2025-07-03T09:15:27Z","upstream":["CVE-2025-38131"],"references":[{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-38131"}],"affected":[{"package":{"name":"kernel","ecosystem":"Azure Linux:3","purl":"pkg:rpm/azure-linux/kernel"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"6.6.96.1-1"}]}],"database_specific":{"source":"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-64538.json"}}],"schema_version":"1.7.5"}