Vulnerability Database

318,756

Total vulnerabilities in the database

CVE-2025-38448

In the Linux kernel, the following vulnerability has been resolved:

usb: gadget: u_serial: Fix race condition in TTY wakeup

A race condition occurs when gs_start_io() calls either gs_start_rx() or gs_start_tx(), as those functions briefly drop the port_lock for usb_ep_queue(). This allows gs_close() and gserial_disconnect() to clear port.tty and port_usb, respectively.

Use the null-safe TTY Port helper function to wake up TTY.

Example CPU1: CPU2: gserial_connect() // lock gs_close() // await lock gs_start_rx() // unlock usb_ep_queue() gs_close() // lock, reset port.tty and unlock gs_start_rx() // lock tty_wakeup() // NPE

  • Published: Jul 25, 2025
  • Updated: Dec 23, 2025
  • CVE: CVE-2025-38448
  • Severity: Low
  • Exploit:

CVSS v3:

  • Severity: Low
  • Score: 4.7
  • AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

CWEs:

Software From Fixed in
linux / linux_kernel 3.5 5.4.296
linux / linux_kernel 5.5 5.10.240
linux / linux_kernel 5.11 5.15.189
linux / linux_kernel 5.16 6.1.146
linux / linux_kernel 6.2 6.6.99
linux / linux_kernel 6.7 6.12.39
linux / linux_kernel 6.13 6.15.7
linux / linux_kernel 6.16-rc1 6.16-rc1.x
linux / linux_kernel 6.16-rc2 6.16-rc2.x
linux / linux_kernel 6.16-rc3 6.16-rc3.x
linux / linux_kernel 6.16-rc4 6.16-rc4.x
debian / debian_linux 11.0 11.0.x