{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-38416", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-04-16T04:51:24.014Z", "datePublished": "2025-07-25T14:00:17.849Z", "dateUpdated": "2025-11-03T17:37:47.815Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-07-28T04:21:30.827Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFC: nci: uart: Set tty->disc_data only in success path\n\nSetting tty->disc_data before opening the NCI device means we need to\nclean it up on error paths. This also opens some short window if device\nstarts sending data, even before NCIUARTSETDRIVER IOCTL succeeded\n(broken hardware?). Close the window by exposing tty->disc_data only on\nthe success path, when opening of the NCI device and try_module_get()\nsucceeds.\n\nThe code differs in error path in one aspect: tty->disc_data won't be\never assigned thus NULL-ified. This however should not be relevant\ndifference, because of \"tty->disc_data=NULL\" in nci_uart_tty_open()."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/nfc/nci/uart.c"], "versions": [{"version": "9961127d4bce6325e9a0b0fb105e0c85a6c62cb7", "lessThan": "a514fca2b8e95838a3ba600f31a18fa60b76d893", "status": "affected", "versionType": "git"}, {"version": "9961127d4bce6325e9a0b0fb105e0c85a6c62cb7", "lessThan": "000bfbc6bc334a93fffca8f5aa9583e7b6356cb5", "status": "affected", "versionType": "git"}, {"version": "9961127d4bce6325e9a0b0fb105e0c85a6c62cb7", "lessThan": "ac6992f72bd8e22679c1e147ac214de6a7093c23", "status": "affected", "versionType": "git"}, {"version": "9961127d4bce6325e9a0b0fb105e0c85a6c62cb7", "lessThan": "dc7722619a9c307e9938d735cf4a2210d3d48dcb", "status": "affected", "versionType": "git"}, {"version": "9961127d4bce6325e9a0b0fb105e0c85a6c62cb7", "lessThan": "a8acc7080ad55c5402a1b818b3008998247dda87", "status": "affected", "versionType": "git"}, {"version": "9961127d4bce6325e9a0b0fb105e0c85a6c62cb7", "lessThan": "55c3dbd8389636161090a2b2b6d2d709b9602e9c", "status": "affected", "versionType": "git"}, {"version": "9961127d4bce6325e9a0b0fb105e0c85a6c62cb7", "lessThan": "e9799db771b2d574d5bf0dfb3177485e5f40d4d6", "status": "affected", "versionType": "git"}, {"version": "9961127d4bce6325e9a0b0fb105e0c85a6c62cb7", "lessThan": "fc27ab48904ceb7e4792f0c400f1ef175edf16fe", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/nfc/nci/uart.c"], "versions": [{"version": "4.2", "status": "affected"}, {"version": "0", "lessThan": "4.2", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.295", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.239", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.186", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.142", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.95", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.35", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.15.4", "lessThanOrEqual": "6.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.16", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.2", "versionEndExcluding": "5.4.295"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.2", "versionEndExcluding": "5.10.239"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.2", "versionEndExcluding": "5.15.186"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.2", "versionEndExcluding": "6.1.142"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.2", "versionEndExcluding": "6.6.95"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.2", "versionEndExcluding": "6.12.35"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.2", "versionEndExcluding": "6.15.4"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.2", "versionEndExcluding": "6.16"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/a514fca2b8e95838a3ba600f31a18fa60b76d893"}, {"url": "https://git.kernel.org/stable/c/000bfbc6bc334a93fffca8f5aa9583e7b6356cb5"}, {"url": "https://git.kernel.org/stable/c/ac6992f72bd8e22679c1e147ac214de6a7093c23"}, {"url": "https://git.kernel.org/stable/c/dc7722619a9c307e9938d735cf4a2210d3d48dcb"}, {"url": "https://git.kernel.org/stable/c/a8acc7080ad55c5402a1b818b3008998247dda87"}, {"url": "https://git.kernel.org/stable/c/55c3dbd8389636161090a2b2b6d2d709b9602e9c"}, {"url": "https://git.kernel.org/stable/c/e9799db771b2d574d5bf0dfb3177485e5f40d4d6"}, {"url": "https://git.kernel.org/stable/c/fc27ab48904ceb7e4792f0c400f1ef175edf16fe"}], "title": "NFC: nci: uart: Set tty->disc_data only in success path", "x_generator": {"engine": "bippy-1.2.0"}}, "adp": [{"title": "CVE Program Container", "references": [{"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"}, {"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-03T17:37:47.815Z"}}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "963AC76E-7248-4EA1-BE0D-A7B2CD5F14F9", "versionEndExcluding": "5.4.295", "versionStartIncluding": "4.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "C3D14F4C-A21E-465D-A928-5CCE684E2B98", "versionEndExcluding": "5.10.239", "versionStartIncluding": "5.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "D96F2C0D-0D4A-4658-AD34-D8A626EA422D", "versionEndExcluding": "5.15.186", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "459B4E94-FE0E-434D-B782-95E3A5FFC6B1", "versionEndExcluding": "6.1.142", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "C5E01853-7048-4D78-9479-9AEE41AC8456", "versionEndExcluding": "6.6.95", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "E569FD34-0076-4428-BE17-EECCF867611C", "versionEndExcluding": "6.12.35", "versionStartIncluding": "6.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "DFD174C5-1AA2-4671-BDDC-1A9FCC753655", "versionEndExcluding": "6.15.4", "versionStartIncluding": "6.13", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.16:rc1:*:*:*:*:*:*", "matchCriteriaId": "6D4894DB-CCFE-4602-B1BF-3960B2E19A01", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.16:rc2:*:*:*:*:*:*", "matchCriteriaId": "09709862-E348-4378-8632-5A7813EDDC86", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFC: nci: uart: Set tty->disc_data only in success path\n\nSetting tty->disc_data before opening the NCI device means we need to\nclean it up on error paths. This also opens some short window if device\nstarts sending data, even before NCIUARTSETDRIVER IOCTL succeeded\n(broken hardware?). Close the window by exposing tty->disc_data only on\nthe success path, when opening of the NCI device and try_module_get()\nsucceeds.\n\nThe code differs in error path in one aspect: tty->disc_data won't be\never assigned thus NULL-ified. This however should not be relevant\ndifference, because of \"tty->disc_data=NULL\" in nci_uart_tty_open()."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: NFC: nci: uart: Establecer tty->disc_data solo en la ruta correcta. Configurar tty->disc_data antes de abrir el dispositivo NCI implica la necesidad de eliminar las rutas de error. Esto tambi\u00e9n genera una peque\u00f1a ventana de tiempo si el dispositivo comienza a enviar datos, incluso antes de que NCIUARTSETDRIVER IOCTL se haya ejecutado correctamente (\u00bfhardware da\u00f1ado?). Esta ventana se cierra exponiendo tty->disc_data solo en la ruta correcta cuando se abre el dispositivo NCI y try_module_get() se ejecuta correctamente. El c\u00f3digo difiere en la ruta de error en un aspecto: tty->disc_data nunca se asignar\u00e1, por lo que se convierte en NULL. Sin embargo, esta diferencia no deber\u00eda ser relevante, debido a \"tty->disc_data=NULL\" en nci_uart_tty_open()."}], "id": "CVE-2025-38416", "lastModified": "2025-12-23T18:45:10.957", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-07-25T14:15:33.373", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/000bfbc6bc334a93fffca8f5aa9583e7b6356cb5"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/55c3dbd8389636161090a2b2b6d2d709b9602e9c"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/a514fca2b8e95838a3ba600f31a18fa60b76d893"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/a8acc7080ad55c5402a1b818b3008998247dda87"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/ac6992f72bd8e22679c1e147ac214de6a7093c23"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/dc7722619a9c307e9938d735cf4a2210d3d48dcb"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/e9799db771b2d574d5bf0dfb3177485e5f40d4d6"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/fc27ab48904ceb7e4792f0c400f1ef175edf16fe"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "Mailing List"], "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "Mailing List"], "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: NFC: nci: uart: Set tty->disc_data only in success path", "id": "2383454", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2383454"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\nNFC: nci: uart: Set tty->disc_data only in success path\nSetting tty->disc_data before opening the NCI device means we need to\nclean it up on error paths. This also opens some short window if device\nstarts sending data, even before NCIUARTSETDRIVER IOCTL succeeded\n(broken hardware?). Close the window by exposing tty->disc_data only on\nthe success path, when opening of the NCI device and try_module_get()\nsucceeds.\nThe code differs in error path in one aspect: tty->disc_data won't be\never assigned thus NULL-ified. This however should not be relevant\ndifference, because of \"tty->disc_data=NULL\" in nci_uart_tty_open()."], "name": "CVE-2025-38416", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-07-25T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-38416\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-38416\nhttps://lore.kernel.org/linux-cve-announce/2025072511-CVE-2025-38416-e4bb@gregkh/T"], "threat_severity": "Moderate"}

{"created": "2025-07-26T12:07:33.195709+00:00", "updated": "2025-07-26T12:07:33.195786+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"]}