Wind River Support Network

HomeDefectsLIN1023-14420
Acknowledged

LIN1023-14420 : Security Advisory - linux - CVE-2025-38510

Created: Aug 17, 2025    Updated: Aug 18, 2025
Found In Version: 10.23.30.1
Severity: Standard
Applicable for: Wind River Linux LTS 23
Component/s: Kernel

Description

In the Linux kernel, the following vulnerability has been resolved:EOL][EOL]kasan: remove kasan_find_vm_area() to prevent possible deadlock[EOL][EOL]find_vm_area() couldn't be called in atomic_context.  If find_vm_area() is[EOL]called to reports vm area information, kasan can trigger deadlock like:[EOL][EOL]CPU0                                CPU1[EOL]vmalloc();[EOL] alloc_vmap_area();[EOL]  spin_lock(&vn->busy.lock)[EOL]                                    spin_lock_bh(&some_lock);[EOL]   <interrupt occurs>[EOL]   <in softirq>[EOL]   spin_lock(&some_lock);[EOL]                                    <access invalid address>[EOL]                                    kasan_report();[EOL]                                     print_report();[EOL]                                      print_address_description();[EOL]                                       kasan_find_vm_area();[EOL]                                        find_vm_area();[EOL]                                         spin_lock(&vn->busy.lock) // deadlock![EOL][EOL]To prevent possible deadlock while kasan reports, remove kasan_find_vm_area().

CREATE(Triage):(User=pbi-cn) [CVE-2025-38510 (https://nvd.nist.gov/vuln/detail/CVE-2025-38510)
Live chat
Online
  • Linkedin
  • Facebook
  • Twitter
  • Youtube