CVE-2025-38210

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> configfs-tsm-report: Fix NULL dereference of tsm_ops<br /> <br /> Unlike sysfs, the lifetime of configfs objects is controlled by<br /> userspace. There is no mechanism for the kernel to find and delete all<br /> created config-items. Instead, the configfs-tsm-report mechanism has an<br /> expectation that tsm_unregister() can happen at any time and cause<br /> established config-item access to start failing.<br /> <br /> That expectation is not fully satisfied. While tsm_report_read(),<br /> tsm_report_{is,is_bin}_visible(), and tsm_report_make_item() safely fail<br /> if tsm_ops have been unregistered, tsm_report_privlevel_store()<br /> tsm_report_provider_show() fail to check for ops registration. Add the<br /> missing checks for tsm_ops having been removed.<br /> <br /> Now, in supporting the ability for tsm_unregister() to always succeed,<br /> it leaves the problem of what to do with lingering config-items. The<br /> expectation is that the admin that arranges for the -&gt;remove() (unbind)<br /> of the ${tsm_arch}-guest driver is also responsible for deletion of all<br /> open config-items. Until that deletion happens, -&gt;probe() (reload /<br /> bind) of the ${tsm_arch}-guest driver fails.<br /> <br /> This allows for emergency shutdown / revocation of attestation<br /> interfaces, and requires coordinated restart.