In the Linux kernel, the following vulnerability has been resolved:
usb: gadget: u_serial: Fix race condition in TTY wakeup
A race condition occurs when gs_start_io() calls either gs_start_rx() or
gs_start_tx(), as those functions briefly drop the port_lock for
usb_ep_queue(). This allows gs_close() and gserial_disconnect() to clear
port.tty and port_usb, respectively.
Use the null-safe TTY Port helper function to wake up TTY.
Example
CPU1: CPU2:
gserial_connect() // lock
gs_close() // await lock
gs_start_rx() // unlock
usb_ep_queue()
gs_close() // lock, reset port.tty and unlock
gs_start_rx() // lock
tty_wakeup() // NPE
Metrics
Affected Vendors & Products
References
History
Tue, 29 Jul 2025 12:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-476 | |
References |
| |
Metrics |
threat_severity
|
cvssV3_1
|
Sat, 26 Jul 2025 11:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Linux
Linux linux Kernel |
|
Vendors & Products |
Linux
Linux linux Kernel |
Fri, 25 Jul 2025 15:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | In the Linux kernel, the following vulnerability has been resolved: usb: gadget: u_serial: Fix race condition in TTY wakeup A race condition occurs when gs_start_io() calls either gs_start_rx() or gs_start_tx(), as those functions briefly drop the port_lock for usb_ep_queue(). This allows gs_close() and gserial_disconnect() to clear port.tty and port_usb, respectively. Use the null-safe TTY Port helper function to wake up TTY. Example CPU1: CPU2: gserial_connect() // lock gs_close() // await lock gs_start_rx() // unlock usb_ep_queue() gs_close() // lock, reset port.tty and unlock gs_start_rx() // lock tty_wakeup() // NPE | |
Title | usb: gadget: u_serial: Fix race condition in TTY wakeup | |
References |
|
|

Status: PUBLISHED
Assigner: Linux
Published: 2025-07-25T15:27:30.040Z
Updated: 2025-07-28T04:22:33.351Z
Reserved: 2025-04-16T04:51:24.018Z
Link: CVE-2025-38448

No data.

Status : Awaiting Analysis
Published: 2025-07-25T16:15:30.317
Modified: 2025-07-29T14:14:55.157
Link: CVE-2025-38448
