CVE-2025-38003

In the Linux kernel, the following vulnerability has been resolved:

can: bcm: add missing rcu read protection for procfs content

When the procfs content is generated for a bcm_op which is in the process to be removed the procfs output might show unreliable data (UAF).

As the removal of bcm_op's is already implemented with rcu handling this patch adds the missing rcu_read_lock() and makes sure the list entries are properly removed under rcu protection.

Published: Jun 8, 2025
Updated: Dec 18, 2025
CVE: CVE-2025-38003
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.5
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
linux / linux_kernel	4.19.252	4.20
linux / linux_kernel	5.4.205	5.4.294
linux / linux_kernel	5.10.130	5.10.238
linux / linux_kernel	5.15.54	5.15.185
linux / linux_kernel	5.18.11	5.19
linux / linux_kernel	5.19.1	6.1.141
linux / linux_kernel	6.2	6.6.93
linux / linux_kernel	6.7	6.12.31
linux / linux_kernel	6.13	6.14.9
linux / linux_kernel	5.19	5.19.x
linux / linux_kernel	5.19-rc6	5.19-rc6.x
linux / linux_kernel	5.19-rc7	5.19-rc7.x
linux / linux_kernel	5.19-rc8	5.19-rc8.x
linux / linux_kernel	6.15-rc1	6.15-rc1.x
linux / linux_kernel	6.15-rc2	6.15-rc2.x
linux / linux_kernel	6.15-rc3	6.15-rc3.x
linux / linux_kernel	6.15-rc4	6.15-rc4.x
linux / linux_kernel	6.15-rc5	6.15-rc5.x
linux / linux_kernel	6.15-rc6	6.15-rc6.x
linux / linux_kernel	6.15-rc7	6.15-rc7.x
debian / debian_linux	11.0	11.0.x

Vulnerability Database

319,194

CVE-2025-38003

Deep Security Visibility Without the Complexity