CVE-2025-38172
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
erofs: avoid using multiple devices with different type
For multiple devices, both primary and extra devices should be the
same type. erofs_init_device has already guaranteed that if the
primary is a file-backed device, extra devices should also be
regular files.
However, if the primary is a block device while the extra device
is a file-backed device, erofs_init_device will get an ENOTBLK,
which is not treated as an error in erofs_fc_get_tree, and that
leads to an UAF:
erofs_fc_get_tree get_tree_bdev_flags(erofs_fc_fill_super) erofs_read_superblock erofs_init_device // sbi->dif0 is not inited yet, // return -ENOTBLK deactivate_locked_super free(sbi) if (err is -ENOTBLK) sbi->dif0.file = filp_open() // sbi UAF
So if -ENOTBLK is hitted in erofs_init_device, it means the
primary device must be a block device, and the extra device
is not a block device. The error can be converted to -EINVAL.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | fb176750266a3d7f42ebdcf28e8ba40350b27847 < 65115472f741ca000d7ea4a5922214f93cd1516e | affected |
| Linux | Linux | fb176750266a3d7f42ebdcf28e8ba40350b27847 < cd04beb9ce2773a16057248bb4fa424068ae3807 | affected |
| Linux | Linux | fb176750266a3d7f42ebdcf28e8ba40350b27847 < 9748f2f54f66743ac77275c34886a9f890e18409 | affected |
| Linux | Linux | 6.12 | affected |
| Linux | Linux | 0 < 6.12 | unaffected |
| Linux | Linux | 6.12.34 <= 6.12.* | unaffected |
| Linux | Linux | 6.15.3 <= 6.15.* | unaffected |
| Linux | Linux | 6.16 <= * | unaffected |
Weaknesses
References
- https://git.kernel.org/stable/c/65115472f741ca000d7ea4a5922214f93cd1516e
- https://git.kernel.org/stable/c/cd04beb9ce2773a16057248bb4fa424068ae3807
- https://git.kernel.org/stable/c/9748f2f54f66743ac77275c34886a9f890e18409
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.