CVE-2025-38132

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> coresight: holding cscfg_csdev_lock while removing cscfg from csdev<br /> <br /> There&amp;#39;ll be possible race scenario for coresight config:<br /> <br /> CPU0 CPU1<br /> (perf enable) load module<br /> cscfg_load_config_sets()<br /> activate config. // sysfs<br /> (sys_active_cnt == 1)<br /> ...<br /> cscfg_csdev_enable_active_config()<br /> lock(csdev-&gt;cscfg_csdev_lock)<br /> deactivate config // sysfs<br /> (sys_activec_cnt == 0)<br /> cscfg_unload_config_sets()<br /> cscfg_remove_owned_csdev_configs()<br /> // here load config activate by CPU1<br /> unlock(csdev-&gt;cscfg_csdev_lock)<br /> <br /> iterating config_csdev_list could be raced with config_csdev_list&amp;#39;s<br /> entry delete.<br /> <br /> To resolve this race , hold csdev-&gt;cscfg_csdev_lock() while<br /> cscfg_remove_owned_csdev_configs()