CVE-2025-38717

ADVISORY - nist

Summary

In the Linux kernel, the following vulnerability has been resolved:

net: kcm: Fix race condition in kcm_unattach()

syzbot found a race condition when kcm_unattach(psock) and kcm_release(kcm) are executed at the same time.

kcm_unattach() is missing a check of the flag kcm->tx_stopped before calling queue_work().

If the kcm has a reserved psock, kcm_unattach() might get executed between cancel_work_sync() and unreserve_psock() in kcm_release(), requeuing kcm->tx_work right before kcm gets freed in kcm_done().

Remove kcm->tx_stopped and replace it by the less error-prone disable_work_sync().

EPSS Score: 0.001 (0.010)

Common Weakness Enumeration (CWE)

ADVISORY - nist

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')


Sign in to Docker Scout

See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.

Sign in