Acknowledged
Created: Jun 9, 2025
Updated: Jun 13, 2025
Found In Version: 10.24.33.1
Severity: Standard
Applicable for: Wind River Linux LTS 24
Component/s: Kernel
In the Linux kernel, the following vulnerability has been resolved:EOL][EOL]can: bcm: add missing rcu read protection for procfs content[EOL][EOL]When the procfs content is generated for a bcm_op which is in the process[EOL]to be removed the procfs output might show unreliable data (UAF).[EOL][EOL]As the removal of bcm_op's is already implemented with rcu handling this[EOL]patch adds the missing rcu_read_lock() and makes sure the list entries[EOL]are properly removed under rcu protection.
CREATE(Triage):(User=lchen-cn) [CVE-2025-38003 (https://nvd.nist.gov/vuln/detail/CVE-2025-38003)
