{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-15T13:02:35.084","vulnerabilities":[{"cve":{"id":"CVE-2025-38262","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2025-07-09T11:15:28.570","lastModified":"2025-12-18T16:59:35.973","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ntty: serial: uartlite: register uart driver in init\n\nWhen two instances of uart devices are probing, a concurrency race can\noccur. If one thread calls uart_register_driver function, which first\nallocates and assigns memory to 'uart_state' member of uart_driver\nstructure, the other instance can bypass uart driver registration and\ncall ulite_assign. This calls uart_add_one_port, which expects the uart\ndriver to be fully initialized. This leads to a kernel panic due to a\nnull pointer dereference:\n\n[    8.143581] BUG: kernel NULL pointer dereference, address: 00000000000002b8\n[    8.156982] #PF: supervisor write access in kernel mode\n[    8.156984] #PF: error_code(0x0002) - not-present page\n[    8.156986] PGD 0 P4D 0\n...\n[    8.180668] RIP: 0010:mutex_lock+0x19\/0x30\n[    8.188624] Call Trace:\n[    8.188629]  ? __die_body.cold+0x1a\/0x1f\n[    8.195260]  ? page_fault_oops+0x15c\/0x290\n[    8.209183]  ? __irq_resolve_mapping+0x47\/0x80\n[    8.209187]  ? exc_page_fault+0x64\/0x140\n[    8.209190]  ? asm_exc_page_fault+0x22\/0x30\n[    8.209196]  ? mutex_lock+0x19\/0x30\n[    8.223116]  uart_add_one_port+0x60\/0x440\n[    8.223122]  ? proc_tty_register_driver+0x43\/0x50\n[    8.223126]  ? tty_register_driver+0x1ca\/0x1e0\n[    8.246250]  ulite_probe+0x357\/0x4b0 [uartlite]\n\nTo prevent it, move uart driver registration in to init function. This\nwill ensure that uart_driver is always registered when probe function\nis called."},{"lang":"es","value":"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: tty: serial: uartlite: registrar el controlador UART en init. Cuando dos instancias de dispositivos UART están realizando pruebas, puede producirse una ejecución de concurrencia. Si un subproceso invoca la función uart_register_driver, que primero asigna memoria al miembro 'uart_state' de la estructura uart_driver, la otra instancia puede omitir el registro del controlador UART y llamar a ulite_assign. Esto invoca uart_add_one_port, que espera que el controlador UART esté completamente inicializado. Esto genera un pánico del kernel debido a una desreferencia de puntero nulo: [8.143581] ERROR: desreferencia de puntero NULL del kernel, dirección: 00000000000002b8 [8.156982] #PF: acceso de escritura del supervisor en modo kernel [8.156984] #PF: error_code(0x0002) - página no presente [8.156986] PGD 0 P4D 0 ... [8.180668] RIP: 0010:mutex_lock+0x19\/0x30 [8.188624] Rastreo de llamadas: [ 8.188629] ? __die_body.cold+0x1a\/0x1f [ 8.195260] ? page_fault_oops+0x15c\/0x290 [ 8.209183] ? __irq_resolve_mapping+0x47\/0x80 [ 8.209187] ? exc_page_fault+0x64\/0x140 [ 8.209190] ? asm_exc_page_fault+0x22\/0x30 [ 8.209196] ? mutex_lock+0x19\/0x30 [ 8.223116] uart_add_one_port+0x60\/0x440 [ 8.223122] ? proc_tty_register_driver+0x43\/0x50 [ 8.223126] ? tty_register_driver+0x1ca\/0x1e0 [ 8.246250] ulite_probe+0x357\/0x4b0 [uartlite] Para evitarlo, mueva el registro del controlador UART a la función init. Esto garantizará que uart_driver siempre se registre al llamar a la función de sondeo."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1\/AV:L\/AC:L\/PR:L\/UI:N\/S:U\/C:N\/I:N\/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.20","versionEndExcluding":"5.4.296","matchCriteriaId":"092812DB-392E-4683-B1DB-4F3057267FC0"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.5","versionEndExcluding":"5.15.187","matchCriteriaId":"4D0C2F57-3EDC-4D83-B7DD-11B0CFEF0FED"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.143","matchCriteriaId":"FC77EF56-FA90-40B6-AF3C-9BBE6D4BEAD8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.96","matchCriteriaId":"6AB3EB1A-48DE-47F4-9202-D0C58A0F6060"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.36","matchCriteriaId":"2BD88DEC-018F-4F40-8E29-A2CA89813EBA"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.15.5","matchCriteriaId":"0CC768E2-3BBC-4A6E-9C2F-ECB27A703C2D"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*","matchCriteriaId":"FA6FEEC2-9F11-4643-8827-749718254FED"}]}]}],"references":[{"url":"https:\/\/git.kernel.org\/stable\/c\/5015eed450005bab6e5cb6810f7a62eab0434fc4","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https:\/\/git.kernel.org\/stable\/c\/685d29f2c5057b32c7b1b46f2a7d303b926c8f72","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https:\/\/git.kernel.org\/stable\/c\/6bd697b5fc39fd24e2aa418c7b7d14469f550a93","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https:\/\/git.kernel.org\/stable\/c\/6db06aaea07bb7c8e33a425cf7b98bf29ee6056e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https:\/\/git.kernel.org\/stable\/c\/8e958d10dd0ce5ae674cce460db5c9ca3f25243b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https:\/\/git.kernel.org\/stable\/c\/9c905fdbba68a6d73d39a6b7de9b9f0d6c46df87","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https:\/\/git.kernel.org\/stable\/c\/f5e4229d94792b40e750f30c92bcf7a3107c72ef","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https:\/\/lists.debian.org\/debian-lts-announce\/2025\/10\/msg00008.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]}]}}]}