Wind River Support Network

Description

In the Linux kernel, the following vulnerability has been resolved:EOL][EOL]tty: serial: uartlite: register uart driver in init[EOL][EOL]When two instances of uart devices are probing, a concurrency race can[EOL]occur. If one thread calls uart_register_driver function, which first[EOL]allocates and assigns memory to 'uart_state' member of uart_driver[EOL]structure, the other instance can bypass uart driver registration and[EOL]call ulite_assign. This calls uart_add_one_port, which expects the uart[EOL]driver to be fully initialized. This leads to a kernel panic due to a[EOL]null pointer dereference:[EOL][EOL][    8.143581] BUG: kernel NULL pointer dereference, address: 00000000000002b8[EOL][    8.156982] #PF: supervisor write access in kernel mode[EOL][    8.156984] #PF: error_code(0x0002) - not-present page[EOL][    8.156986] PGD 0 P4D 0[EOL]...[EOL][    8.180668] RIP: 0010:mutex_lock+0x19/0x30[EOL][    8.188624] Call Trace:[EOL][    8.188629]  ? __die_body.cold+0x1a/0x1f[EOL][    8.195260]  ? page_fault_oops+0x15c/0x290[EOL][    8.209183]  ? __irq_resolve_mapping+0x47/0x80[EOL][    8.209187]  ? exc_page_fault+0x64/0x140[EOL][    8.209190]  ? asm_exc_page_fault+0x22/0x30[EOL][    8.209196]  ? mutex_lock+0x19/0x30[EOL][    8.223116]  uart_add_one_port+0x60/0x440[EOL][    8.223122]  ? proc_tty_register_driver+0x43/0x50[EOL][    8.223126]  ? tty_register_driver+0x1ca/0x1e0[EOL][    8.246250]  ulite_probe+0x357/0x4b0 [uartlite][EOL][EOL]To prevent it, move uart driver registration in to init function. This[EOL]will ensure that uart_driver is always registered when probe function[EOL]is called.

CREATE(Triage):(User=admin) [CVE-2025-38262 (https://nvd.nist.gov/vuln/detail/CVE-2025-38262)