CVE-2025-38141

EPSS 0.03%
Published 03.07.2025 08:35:42
Last modified 03.07.2025 15:13:53
Source 416baaa9-dc9f-4396-8d5f-8c081f
Teams watchlist Login
Open Login

In the Linux kernel, the following vulnerability has been resolved:

dm: fix dm_blk_report_zones

If dm_get_live_table() returned NULL, dm_put_live_table() was never
called. Also, it is possible that md->zone_revalidate_map will change
while calling this function. Only read it once, so that we are always
using the same value. Otherwise we might miss a call to
dm_put_live_table().

Finally, while md->zone_revalidate_map is set and a process is calling
blk_revalidate_disk_zones() to set up the zone append emulation
resources, it is possible that another process, perhaps triggered by
blkdev_report_zones_ioctl(), will call dm_blk_report_zones(). If
blk_revalidate_disk_zones() fails, these resources can be freed while
the other process is still using them, causing a use-after-free error.

blk_revalidate_disk_zones() will only ever be called when initially
setting up the zone append emulation resources, such as when setting up
a zoned dm-crypt table for the first time. Further table swaps will not
set md->zone_revalidate_map or call blk_revalidate_disk_zones().
However it must be called using the new table (referenced by
md->zone_revalidate_map) and the new queue limits while the DM device is
suspended. dm_blk_report_zones() needs some way to distinguish between a
call from blk_revalidate_disk_zones(), which must be allowed to use
md->zone_revalidate_map to access this not yet activated table, and all
other calls to dm_blk_report_zones(), which should not be allowed while
the device is suspended and cannot use md->zone_revalidate_map, since
the zone resources might be freed by the process currently calling
blk_revalidate_disk_zones().

Solve this by tracking the process that sets md->zone_revalidate_map in
dm_revalidate_zones() and only allowing that process to make use of it
in dm_blk_report_zones().

Affected products Warnungen 0 Metrics 1 CWE 0 References 6

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

VendorLinux

≫

Product Linux

Default Statusunaffected

Version < f9c1bdf24615303d48a2d0fd629c88f3189563aa

Version f211268ed1f9bdf48f06a3ead5f5d88437450579

Status affected

Version < d19bc1b4dd5f322980b1f05f79b2ea4f0db10920

Version f211268ed1f9bdf48f06a3ead5f5d88437450579

Status affected

Version < 37f53a2c60d03743e0eacf7a0c01c279776fef4e

Version f211268ed1f9bdf48f06a3ead5f5d88437450579

Status affected

VendorLinux

≫

Product Linux

Default Statusaffected

Version 6.10

Status affected

Version < 6.10

Version 0

Status unaffected

Version <= 6.12.*

Version 6.12.34

Status unaffected

Version <= 6.15.*

Version 6.15.3

Status unaffected

Version <= *

Version 6.16

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.03%	0.052

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string

https://git.kernel.org/stable/c/f9c1bdf24615303d48a2d0fd629c88f3189563aa

https://git.kernel.org/stable/c/d19bc1b4dd5f322980b1f05f79b2ea4f0db10920

https://git.kernel.org/stable/c/37f53a2c60d03743e0eacf7a0c01c279776fef4e

https://nvd.nist.gov/vuln/detail/CVE-2025-38141

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-38141

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-38141

EUVD