fkie_cve-2025-38137
Vulnerability from fkie_nvd
Published
2025-07-03 09:15
Modified
2025-07-03 15:13
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: PCI/pwrctrl: Cancel outstanding rescan work when unregistering It's possible to trigger use-after-free here by: (a) forcing rescan_work_func() to take a long time and (b) utilizing a pwrctrl driver that may be unloaded for some reason Cancel outstanding work to ensure it is finished before we allow our data structures to be cleaned up. [bhelgaas: tidy commit log]
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/8b926f237743f020518162c62b93cb7107a2b5eb
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/b3ad6d23fec23fbef382ce9ea640c37446593cf5
Impacted products
Vendor Product Version


To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI/pwrctrl: Cancel outstanding rescan work when unregistering\n\nIt\u0027s possible to trigger use-after-free here by:\n\n  (a) forcing rescan_work_func() to take a long time and\n  (b) utilizing a pwrctrl driver that may be unloaded for some reason\n\nCancel outstanding work to ensure it is finished before we allow our data\nstructures to be cleaned up.\n\n[bhelgaas: tidy commit log]"
    },
    {
      "lang": "es",
      "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: PCI/pwrctrl: Cancelar el trabajo de reescaneo pendiente al anular el registro Es posible activar el use-after-free aqu\u00ed: (a) forzando a rescan_work_func() a tomar mucho tiempo y (b) utilizando un controlador pwrctrl que puede estar descargado por alguna raz\u00f3n Cancelar el trabajo pendiente para asegurar que est\u00e9 terminado antes de que permitamos que se limpien nuestras estructuras de datos. [bhelgaas: tidy commit log]"
    }
  ],
  "id": "CVE-2025-38137",
  "lastModified": "2025-07-03T15:13:53.147",
  "metrics": {},
  "published": "2025-07-03T09:15:28.240",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/8b926f237743f020518162c62b93cb7107a2b5eb"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/b3ad6d23fec23fbef382ce9ea640c37446593cf5"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Awaiting Analysis"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.