
CVE-2025-38445

In the Linux kernel, the following vulnerability has been resolved:

md/raid1: Fix stack memory use after return in raid1_reshape

In the raid1_reshape function, newpool is allocated on the stack and assigned to conf->r1bio_pool. This results in conf->r1bio_pool.wait.head pointing to a stack address. Accessing this address later can lead to a kernel panic.

Example access path:

raid1_reshape()
{
	// newpool is on the stack
	mempool_t newpool, oldpool;
	// initialize newpool.wait.head to stack address
	mempool_init(&newpool, ...);
	conf->r1bio_pool = newpool;
}

raid1_read_request() or raid1_write_request()
{
	alloc_r1bio()
	{
		mempool_alloc()
		{
			// if pool->alloc fails
			remove_element()
			{
				--pool->curr_nr;
			}
		}
	}
}

mempool_free()
{
	if (pool->curr_nr < pool->min_nr) {
		// pool->wait.head is a stack address
		// wake_up() will try to access this invalid address
		// which leads to a kernel panic
		wake_up(&pool->wait);
		return;
	}
}

Fix:
reinit conf->r1bio_pool.wait after assigning newpool.
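As an added userspace model (not kernel code and not the patch itself), the block below shows why the struct copy goes wrong: a wait-queue head's list pointers refer to the head's own storage, so copying the containing struct from the stack carries the stack address along, while the fixed variant re-initialises the head in its final location. The struct and helper names (list_head, wait_queue_head, mempool, pool_init, reshape_buggy, reshape_fixed) are simplified stand-ins assumed for this example.

```c
#include <stdbool.h>

/* Simplified stand-ins (assumed here, not the kernel's definitions) for list_head,
 * wait_queue_head_t and mempool_t; only the self-referencing wait head matters. */
struct list_head { struct list_head *next, *prev; };
struct wait_queue_head { struct list_head head; };
struct mempool { int curr_nr, min_nr; struct wait_queue_head wait; };

/* Like INIT_LIST_HEAD(): an empty list points at its own storage. */
static void init_list_head(struct list_head *l) { l->next = l; l->prev = l; }

/* Stand-in for mempool_init(): counters plus the wait queue head, initialised in place. */
static void pool_init(struct mempool *p, int min_nr)
{
    p->curr_nr = p->min_nr = min_nr;
    init_list_head(&p->wait.head);
}

/* True when the wait head references its own storage, i.e. the list pointers are
 * valid for wherever the pool now lives (what a later wake_up() relies on). */
static bool wait_head_is_self_contained(const struct wait_queue_head *w)
{
    return w->head.next == &w->head && w->head.prev == &w->head;
}

/* Mirrors the buggy raid1_reshape(): newpool is a stack variable copied by value into
 * the long-lived conf pool. Returns true if the copied head still points at the stack
 * variable, an address that is dangling as soon as this function returns. */
static bool reshape_buggy(struct mempool *conf_pool)
{
    struct mempool newpool;
    pool_init(&newpool, 1);            /* newpool.wait.head points at the stack */
    *conf_pool = newpool;              /* struct copy carries the stack pointers over */
    return conf_pool->wait.head.next == &newpool.wait.head;
}

/* Mirrors the fix: reinit conf->r1bio_pool.wait after the assignment, so the head
 * points at conf_pool's own storage. Returns false: nothing refers to the stack. */
static bool reshape_fixed(struct mempool *conf_pool)
{
    struct mempool newpool;
    pool_init(&newpool, 1);
    *conf_pool = newpool;
    init_list_head(&conf_pool->wait.head);   /* the one-line fix */
    return conf_pool->wait.head.next == &newpool.wait.head;
}
```

The same check generalises to any struct that embeds a list head or wait queue: after copying it by value, every such head must be re-initialised in the destination before anything walks it.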

Data provided by the CVE Program from a CVE Numbering Authority (CNA) (unstructured).
Vendor: Linux
Product: Linux
Default status: unaffected

Version                                   Version <                                 Status
afeee514ce7f4cab605beedd03be71ebaf0c5fc8  d8a6853d00fbaa810765c8ed2f452a5832273968  affected
afeee514ce7f4cab605beedd03be71ebaf0c5fc8  12b00ec99624f8da8c325f2dd6e807df26df0025  affected
afeee514ce7f4cab605beedd03be71ebaf0c5fc8  48da050b4f54ed639b66278d0ae6f4107b2c4e2d  affected
afeee514ce7f4cab605beedd03be71ebaf0c5fc8  5f35e48b76655e45522df338876dfef88dafcc71  affected
afeee514ce7f4cab605beedd03be71ebaf0c5fc8  df5894014a92ff0196dbc212a7764e97366fd2b7  affected
afeee514ce7f4cab605beedd03be71ebaf0c5fc8  776e6186dc9ecbdb8a1b706e989166c8a99bbf64  affected
afeee514ce7f4cab605beedd03be71ebaf0c5fc8  61fd5e93006cf82ec8ee5c115ab5cf4bbd104bdb  affected
afeee514ce7f4cab605beedd03be71ebaf0c5fc8  d67ed2ccd2d1dcfda9292c0ea8697a9d0f2f0d98  affected

Vendor: Linux
Product: Linux
Default status: affected

Version   Upper bound   Status
4.18      -             affected
0         < 4.18        unaffected
5.4.296   <= 5.4.*      unaffected
5.10.240  <= 5.10.*     unaffected
5.15.189  <= 5.15.*     unaffected
6.1.146   <= 6.1.*      unaffected
6.6.99    <= 6.6.*      unaffected
6.12.39   <= 6.12.*     unaffected
6.15.7    <= 6.15.*     unaffected
6.16      <= *          unaffected
No CISA KEV entry or CERT.at warning was found for this CVE.
EPSS Metrics
Type  Source     Score  Percentile
EPSS  FIRST.org  0.04%  0.103
CVSS Metrics
Source  Base Score  Exploit Score  Impact Score  Vector String