CVE-2025-38448: 
Linux Kernel vulnerability analysis and mitigation

A race condition vulnerability (CVE-2025-38448) was discovered in the Linux kernel's USB gadget serial driver (u_serial). The vulnerability was disclosed on July 25, 2025, affecting the TTY wakeup functionality in the USB gadget subsystem (NVD).

The vulnerability occurs when gs_start_io() calls either gs_start_rx() or gs_start_tx(), as these functions briefly drop the port_lock during usb_ep_queue() execution. This temporary lock release creates a race condition that allows gs_close() and gserial_disconnect() to clear port.tty and port_usb respectively, potentially leading to a null pointer dereference (RedHat). The vulnerability has been assigned a CVSS v3.1 base score of 6.2 with attack vector: Local, attack complexity: Low, privileges required: None, user interaction: None, scope: Unchanged, and impact on confidentiality: None, integrity: None, availability: High.

The vulnerability can result in a kernel crash due to null pointer dereference, potentially leading to a local denial of service condition. This affects systems where the USB gadget serial driver is in use (RedHat).

The vulnerability has been patched by implementing a null-safe TTY Port helper function for wakeup operations. The fix involves using tty_port_tty_wakeup() instead of direct TTY access to prevent the race condition (RedHat).