Bug 2390372 (CVE-2025-38653) - CVE-2025-38653 kernel: proc: use the same treatment to check proc_lseek as ones for proc_read_iter et.al
Summary: CVE-2025-38653 kernel: proc: use the same treatment to check proc_lseek as on...
Keywords:
Status: NEW
Alias: CVE-2025-38653
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2025-08-22 17:03 UTC by OSIDB Bzimport
Modified: 2026-06-04 14:53 UTC (History)
0 users

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2026:21209 0 None None None 2026-05-27 01:42:48 UTC
Red Hat Product Errata RHSA-2026:21556 0 None None None 2026-05-28 01:23:53 UTC
Red Hat Product Errata RHSA-2026:23224 0 None None None 2026-06-04 12:16:21 UTC
Red Hat Product Errata RHSA-2026:23329 0 None None None 2026-06-04 14:53:28 UTC

Description OSIDB Bzimport 2025-08-22 17:03:21 UTC 
In the Linux kernel, the following vulnerability has been resolved:

proc: use the same treatment to check proc_lseek as ones for proc_read_iter et.al

Check pde->proc_ops->proc_lseek directly may cause UAF in rmmod scenario. 
It's a gap in proc_reg_open() after commit 654b33ada4ab("proc: fix UAF in
proc_get_inode()").  Followed by AI Viro's suggestion, fix it in same
manner.
Comment 1 Alexander B 2025-08-25 10:29:07 UTC 
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2025082238-CVE-2025-38653-35ba@gregkh/T
Comment 4 errata-xmlrpc 2026-05-27 01:42:48 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.4 Extended Update Support

Via RHSA-2026:21209 https://access.redhat.com/errata/RHSA-2026:21209
Comment 5 errata-xmlrpc 2026-05-28 01:23:52 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2026:21556 https://access.redhat.com/errata/RHSA-2026:21556
Comment 6 errata-xmlrpc 2026-06-04 12:16:21 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.6 Extended Update Support

Via RHSA-2026:23224 https://access.redhat.com/errata/RHSA-2026:23224
Comment 7 errata-xmlrpc 2026-06-04 14:53:27 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2026:23329 https://access.redhat.com/errata/RHSA-2026:23329
Note You need to log in before you can comment on or make changes to this bug.