CVE-2025-38131

Severity CVSS v4.0: Pending analysis
Type: Unavailable / Other
Publication date: 03/07/2025
Last modified: 03/07/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

coresight: prevent deactivate active config while enabling the config

While enabling the active config via cscfg_csdev_enable_active_config(),
the active config could be deactivated via configfs' sysfs interface.
This could cause a UAF issue in the scenario below:

CPU0                                          CPU1
(sysfs enable)                                load module
                                              cscfg_load_config_sets()
                                              activate config. // sysfs
                                              (sys_active_cnt == 1)
...
cscfg_csdev_enable_active_config()
lock(csdev->cscfg_csdev_lock)
// here load config activate by CPU1
unlock(csdev->cscfg_csdev_lock)

                                              deactivate config // sysfs
                                              (sys_active_cnt == 0)
                                              cscfg_unload_config_sets()
                                              unload module

// access to config_desc which freed
// while unloading module.
cscfg_csdev_enable_config

To address this, use cscfg_config_desc's active_cnt as a reference count
which will be held when
- activating the config.
- enabling the activated config.
and put the module reference when config_active_cnt == 0.
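
The reference-counting scheme described in the commit message, as a userspace C model added here for illustration (it is not the kernel patch and not code from this page). All struct and function names are hypothetical, and the two CPUs' steps are replayed in a fixed order on one thread.

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <stdio.h>

/* Userspace model; every name here is hypothetical, not a kernel symbol. */
struct owner { atomic_int refs; };            /* stands in for the module refcount */
struct config_desc {
    atomic_int active_cnt;                    /* one ref per activate + per enable */
    struct owner *owner;
};

/* sysfs activate path: the 0 -> 1 transition pins the owning module.
 * Assumed to be serialized against other activate/deactivate calls. */
static void cfg_activate(struct config_desc *d)
{
    if (atomic_fetch_add(&d->active_cnt, 1) == 0)
        atomic_fetch_add(&d->owner->refs, 1);
}

/* Enable path: take a reference only if the config is still active
 * (increment-unless-zero), so a deactivated config is never touched. */
static bool cfg_try_enable(struct config_desc *d)
{
    int cur = atomic_load(&d->active_cnt);
    while (cur != 0)
        if (atomic_compare_exchange_weak(&d->active_cnt, &cur, cur + 1))
            return true;
    return false;
}

/* Deactivate or disable: the last reference dropped unpins the module. */
static void cfg_put(struct config_desc *d)
{
    if (atomic_fetch_sub(&d->active_cnt, 1) == 1)
        atomic_fetch_sub(&d->owner->refs, 1);
}

static bool owner_can_unload(struct owner *o) { return atomic_load(&o->refs) == 0; }

int main(void)
{
    struct owner mod = { 0 };
    struct config_desc d = { 0, &mod };
    cfg_activate(&d);                          /* CPU1: activate via sysfs */
    bool enabled = cfg_try_enable(&d);         /* CPU0: enable in progress */
    cfg_put(&d);                               /* CPU1: deactivate via sysfs */
    printf("enabled=%d unload_ok=%d\n", enabled, owner_can_unload(&mod));
    cfg_put(&d);                               /* CPU0: disable drops last ref */
    printf("unload_ok=%d\n", owner_can_unload(&mod));
    return 0;
}
```

In this model the owner stays pinned after the sysfs deactivate because the enable path still holds a reference, which is the window in which the original code freed config_desc.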

Impact