{"id":"CVE-2025-38132","summary":"coresight: holding cscfg_csdev_lock while removing cscfg from csdev","details":"In the Linux kernel, the following vulnerability has been resolved:\n\ncoresight: holding cscfg_csdev_lock while removing cscfg from csdev\n\nThere'll be possible race scenario for coresight config:\n\nCPU0                                          CPU1\n(perf enable)                                 load module\n                                              cscfg_load_config_sets()\n                                              activate config. // sysfs\n                                              (sys_active_cnt == 1)\n...\ncscfg_csdev_enable_active_config()\n  lock(csdev-\u003ecscfg_csdev_lock)\n                                              deactivate config // sysfs\n                                              (sys_activec_cnt == 0)\n                                              cscfg_unload_config_sets()\n  \u003citerating config_csdev_list\u003e               cscfg_remove_owned_csdev_configs()\n  // here load config activate by CPU1\n  unlock(csdev-\u003ecscfg_csdev_lock)\n\niterating config_csdev_list could be raced with config_csdev_list's\nentry delete.\n\nTo resolve this race , hold csdev-\u003ecscfg_csdev_lock() while\ncscfg_remove_owned_csdev_configs()","modified":"2026-03-20T12:42:41.499009Z","published":"2025-07-03T08:35:35.695Z","related":["CGA-q7qm-vvj7-vqvc","SUSE-SU-2025:02853-1","SUSE-SU-2025:02923-1","SUSE-SU-2025:02969-1","SUSE-SU-2025:02996-1","SUSE-SU-2025:02997-1","SUSE-SU-2025:03011-1","SUSE-SU-2025:03023-1","SUSE-SU-2025:20577-1","SUSE-SU-2025:20586-1","SUSE-SU-2025:20601-1","SUSE-SU-2025:20602-1"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38132.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/42f8afb0b161631fd1d814d017f75f955475ad41"},{"type":"WEB","url":"https://git.kernel.org/stable/c/53b9e2659719b04f5ba7593f2af0f2335f75e94a"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38132.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-38132"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"02bd588e12df405bdf55244708151b7f238b79ba"},{"fixed":"42f8afb0b161631fd1d814d017f75f955475ad41"},{"fixed":"53b9e2659719b04f5ba7593f2af0f2335f75e94a"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38132.json"}}],"schema_version":"1.7.5"}