CVE-2025-38066

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to the version containing the fix for this issue

Description A vulnerability in the Linux kernel has been identified, where a cache device failing to resume due to mapping errors could trigger a BUG ON when reloading cache mappings into an incomplete policy object. This issue can be reproduced by creating a cache metadata with 512 or more cache blocks, simulating data degradation, and attempting to resume the cache device. The vulnerability can cause an unexpected BUG ON while loading cache mappings.

Recommendations For Linux kernel versions prior to the version containing the fix for this issue, consider applying the fix that disallows resume operations for devices that failed the initial attempt to prevent the BUG ON. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Initialization

Assertion Failure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-665CWE-617

Related Identifiers

AZL-63938

BDU:2025-12241

CVE-2025-38066

DLA-4327-1

DLA-4328-1

DSA-5973-1

ECHO-645F-1C60-853E

OESA-2025-2120

OESA-2025-2121

OESA-2025-2122

USN-7704-1

USN-7704-2

USN-7704-3

USN-7704-4

USN-7704-5

USN-7711-1

USN-7712-1

USN-7712-2

USN-7769-1

USN-7769-2

USN-7769-3

USN-7770-1

USN-7771-1

USN-7789-1

USN-7789-2

USN-8028-1

USN-8028-2

USN-8028-3

USN-8028-4

USN-8028-5

USN-8028-6

USN-8028-7

USN-8028-8

USN-8031-1

USN-8031-2

USN-8031-3

USN-8052-1

USN-8052-2

USN-8074-1

USN-8074-2

USN-8126-1

Affected Products

Astra Linux

Debian

Linuxmint

Linux Kernel

Red Os

Ubuntu

CVE-2025-38066

Weakness Enumeration

Related Identifiers

Affected Products

References · 1473