Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: proc: use the same treatment to check proc_lseek as ones for proc_read_iter et.al Check pde->proc_ops->proc_lseek directly may cause UAF in rmmod scenario. It's a gap in proc_reg_open() after commit 654b33ada4ab("proc: fix UAF in proc_get_inode()"). Followed by AI Viro's suggestion, fix it in same manner.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | >= 6.0, < 6.1.148 |
| Debian | Debian Linux | 11.0 |
Related Weaknesses (CWE)
References
- https://git.kernel.org/stable/c/1fccbfbae1dd36198dc47feac696563244ad81d3Patch
- https://git.kernel.org/stable/c/33c778ea0bd0fa62ff590497e72562ff90f82b13Patch
- https://git.kernel.org/stable/c/c35b0feb80b48720dfbbf4e33759c7be3faaebb6Patch
- https://git.kernel.org/stable/c/d136502e04d8853a9aecb335d07bbefd7a1519a8Patch
- https://git.kernel.org/stable/c/fc1072d934f687e1221d685cf1a49a5068318f34Patch
- https://git.kernel.org/stable/c/ff7ec8dc1b646296f8d94c39339e8d3833d16c05Patch
- https://lists.debian.org/debian-lts-announce/2025/10/msg00008.htmlThird Party Advisory
FAQ
What is CVE-2025-38653?
CVE-2025-38653 is a vulnerability with a CVSS score of 7.8 (HIGH). In the Linux kernel, the following vulnerability has been resolved: proc: use the same treatment to check proc_lseek as ones for proc_read_iter et.al Check pde->proc_ops->proc_lseek directly may cau...
How severe is CVE-2025-38653?
CVE-2025-38653 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-38653?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Debian Debian Linux.