CVE-2025-38416 (GCVE-0-2025-38416)
Vulnerability from cvelistv5
Published
2025-07-25 14:00
Modified
2025-07-28 04:21
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: NFC: nci: uart: Set tty->disc_data only in success path Setting tty->disc_data before opening the NCI device means we need to clean it up on error paths. This also opens some short window if device starts sending data, even before NCIUARTSETDRIVER IOCTL succeeded (broken hardware?). Close the window by exposing tty->disc_data only on the success path, when opening of the NCI device and try_module_get() succeeds. The code differs in error path in one aspect: tty->disc_data won't be ever assigned thus NULL-ified. This however should not be relevant difference, because of "tty->disc_data=NULL" in nci_uart_tty_open().
References
Impacted products
Vendor Product Version
Linux Linux Version: 9961127d4bce6325e9a0b0fb105e0c85a6c62cb7
Version: 9961127d4bce6325e9a0b0fb105e0c85a6c62cb7
Version: 9961127d4bce6325e9a0b0fb105e0c85a6c62cb7
Version: 9961127d4bce6325e9a0b0fb105e0c85a6c62cb7
Version: 9961127d4bce6325e9a0b0fb105e0c85a6c62cb7
Version: 9961127d4bce6325e9a0b0fb105e0c85a6c62cb7
Version: 9961127d4bce6325e9a0b0fb105e0c85a6c62cb7
Version: 9961127d4bce6325e9a0b0fb105e0c85a6c62cb7
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/nfc/nci/uart.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "a514fca2b8e95838a3ba600f31a18fa60b76d893",
              "status": "affected",
              "version": "9961127d4bce6325e9a0b0fb105e0c85a6c62cb7",
              "versionType": "git"
            },
            {
              "lessThan": "000bfbc6bc334a93fffca8f5aa9583e7b6356cb5",
              "status": "affected",
              "version": "9961127d4bce6325e9a0b0fb105e0c85a6c62cb7",
              "versionType": "git"
            },
            {
              "lessThan": "ac6992f72bd8e22679c1e147ac214de6a7093c23",
              "status": "affected",
              "version": "9961127d4bce6325e9a0b0fb105e0c85a6c62cb7",
              "versionType": "git"
            },
            {
              "lessThan": "dc7722619a9c307e9938d735cf4a2210d3d48dcb",
              "status": "affected",
              "version": "9961127d4bce6325e9a0b0fb105e0c85a6c62cb7",
              "versionType": "git"
            },
            {
              "lessThan": "a8acc7080ad55c5402a1b818b3008998247dda87",
              "status": "affected",
              "version": "9961127d4bce6325e9a0b0fb105e0c85a6c62cb7",
              "versionType": "git"
            },
            {
              "lessThan": "55c3dbd8389636161090a2b2b6d2d709b9602e9c",
              "status": "affected",
              "version": "9961127d4bce6325e9a0b0fb105e0c85a6c62cb7",
              "versionType": "git"
            },
            {
              "lessThan": "e9799db771b2d574d5bf0dfb3177485e5f40d4d6",
              "status": "affected",
              "version": "9961127d4bce6325e9a0b0fb105e0c85a6c62cb7",
              "versionType": "git"
            },
            {
              "lessThan": "fc27ab48904ceb7e4792f0c400f1ef175edf16fe",
              "status": "affected",
              "version": "9961127d4bce6325e9a0b0fb105e0c85a6c62cb7",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/nfc/nci/uart.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.2"
            },
            {
              "lessThan": "4.2",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.295",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.239",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.186",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.142",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.95",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.35",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.15.*",
              "status": "unaffected",
              "version": "6.15.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.16",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.295",
                  "versionStartIncluding": "4.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.239",
                  "versionStartIncluding": "4.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.186",
                  "versionStartIncluding": "4.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.142",
                  "versionStartIncluding": "4.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.95",
                  "versionStartIncluding": "4.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.35",
                  "versionStartIncluding": "4.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.15.4",
                  "versionStartIncluding": "4.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.16",
                  "versionStartIncluding": "4.2",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFC: nci: uart: Set tty-\u003edisc_data only in success path\n\nSetting tty-\u003edisc_data before opening the NCI device means we need to\nclean it up on error paths.  This also opens some short window if device\nstarts sending data, even before NCIUARTSETDRIVER IOCTL succeeded\n(broken hardware?).  Close the window by exposing tty-\u003edisc_data only on\nthe success path, when opening of the NCI device and try_module_get()\nsucceeds.\n\nThe code differs in error path in one aspect: tty-\u003edisc_data won\u0027t be\never assigned thus NULL-ified.  This however should not be relevant\ndifference, because of \"tty-\u003edisc_data=NULL\" in nci_uart_tty_open()."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-28T04:21:30.827Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/a514fca2b8e95838a3ba600f31a18fa60b76d893"
        },
        {
          "url": "https://git.kernel.org/stable/c/000bfbc6bc334a93fffca8f5aa9583e7b6356cb5"
        },
        {
          "url": "https://git.kernel.org/stable/c/ac6992f72bd8e22679c1e147ac214de6a7093c23"
        },
        {
          "url": "https://git.kernel.org/stable/c/dc7722619a9c307e9938d735cf4a2210d3d48dcb"
        },
        {
          "url": "https://git.kernel.org/stable/c/a8acc7080ad55c5402a1b818b3008998247dda87"
        },
        {
          "url": "https://git.kernel.org/stable/c/55c3dbd8389636161090a2b2b6d2d709b9602e9c"
        },
        {
          "url": "https://git.kernel.org/stable/c/e9799db771b2d574d5bf0dfb3177485e5f40d4d6"
        },
        {
          "url": "https://git.kernel.org/stable/c/fc27ab48904ceb7e4792f0c400f1ef175edf16fe"
        }
      ],
      "title": "NFC: nci: uart: Set tty-\u003edisc_data only in success path",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-38416",
    "datePublished": "2025-07-25T14:00:17.849Z",
    "dateReserved": "2025-04-16T04:51:24.014Z",
    "dateUpdated": "2025-07-28T04:21:30.827Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-38416\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-07-25T14:15:33.373\",\"lastModified\":\"2025-07-25T15:29:19.837\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nNFC: nci: uart: Set tty-\u003edisc_data only in success path\\n\\nSetting tty-\u003edisc_data before opening the NCI device means we need to\\nclean it up on error paths.  This also opens some short window if device\\nstarts sending data, even before NCIUARTSETDRIVER IOCTL succeeded\\n(broken hardware?).  Close the window by exposing tty-\u003edisc_data only on\\nthe success path, when opening of the NCI device and try_module_get()\\nsucceeds.\\n\\nThe code differs in error path in one aspect: tty-\u003edisc_data won\u0027t be\\never assigned thus NULL-ified.  This however should not be relevant\\ndifference, because of \\\"tty-\u003edisc_data=NULL\\\" in nci_uart_tty_open().\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/000bfbc6bc334a93fffca8f5aa9583e7b6356cb5\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/55c3dbd8389636161090a2b2b6d2d709b9602e9c\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/a514fca2b8e95838a3ba600f31a18fa60b76d893\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/a8acc7080ad55c5402a1b818b3008998247dda87\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/ac6992f72bd8e22679c1e147ac214de6a7093c23\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/dc7722619a9c307e9938d735cf4a2210d3d48dcb\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/e9799db771b2d574d5bf0dfb3177485e5f40d4d6\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/fc27ab48904ceb7e4792f0c400f1ef175edf16fe\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.