### [CVE-2025-38131](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38131)
![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=5.15%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=f8cce2ff3c04361b8843d8489620fda8880f668b%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=blue)

### Description

In the Linux kernel, the following vulnerability has been resolved:coresight: prevent deactivate active config while enabling the configWhile enable active config via cscfg_csdev_enable_active_config(),active config could be deactivated via configfs' sysfs interface.This could make UAF issue in below scenario:CPU0                                          CPU1(sysfs enable)                                load module                                              cscfg_load_config_sets()                                              activate config. // sysfs                                              (sys_active_cnt == 1)...cscfg_csdev_enable_active_config()lock(csdev->cscfg_csdev_lock)// here load config activate by CPU1unlock(csdev->cscfg_csdev_lock)                                              deactivate config // sysfs                                              (sys_activec_cnt == 0)                                              cscfg_unload_config_sets()                                              unload module// access to config_desc which freed// while unloading module.cscfg_csdev_enable_configTo address this, use cscfg_config_desc's active_cnt as a reference count which will be holded when    - activate the config.    - enable the activated config.and put the module reference when config_active_cnt == 0.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/w4zu/Debian_security