CVE-2025-38717
ADVISORY - nistSummary
In the Linux kernel, the following vulnerability has been resolved:
net: kcm: Fix race condition in kcm_unattach()
syzbot found a race condition when kcm_unattach(psock) and kcm_release(kcm) are executed at the same time.
kcm_unattach() is missing a check of the flag kcm->tx_stopped before calling queue_work().
If the kcm has a reserved psock, kcm_unattach() might get executed between cancel_work_sync() and unreserve_psock() in kcm_release(), requeuing kcm->tx_work right before kcm gets freed in kcm_done().
Remove kcm->tx_stopped and replace it by the less error-prone disable_work_sync().
EPSS Score: 0.001 (0.010)
Common Weakness Enumeration (CWE)
ADVISORY - nist
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
NIST
CREATED
UPDATED
ADVISORY IDCVE-2025-38717
EXPLOITABILITY SCORE
1
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CVSS SCORE
4.7mediumDebian
CREATED
UPDATED
ADVISORY IDCVE-2025-38717
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
Ubuntu
CREATED
UPDATED
ADVISORY IDCVE-2025-38717
EXPLOITABILITY SCORE
1.0
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
CVSS SCORE
4.7mediumAmazon
CREATED
UPDATED
ADVISORY IDALAS2023-2025-1208
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
CVSS SCORE
N/AhighRed Hat
CREATED
UPDATED
ADVISORY IDCVE-2025-38717
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
minimos
CREATED
UPDATED
ADVISORY ID
MINI-6xp8-48pg-mfmp
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-