PT-2025-27726 · Linux+5 · Linux Kernel+5

Published: 2025-04-10 · Updated: 2026-05-26 · CVE-2025-38140

CVSS v2.0: 6.0 (Medium)

Vector: AV:L/AC:H/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)
Description: A vulnerability in the Linux kernel has been resolved, related to the device-mapper (dm) and its handling of zoned devices with zone write plugs. The issue arises when the dm_revalidate_zones() function fails to correctly update the zoned settings for a device, potentially leading to errors due to invalid memory access. The vulnerability is related to the blk_revalidate_disk_zones() function, which may not correctly update the device's zoned settings if the device already has zone write plug resources. The estimated number of potentially affected devices worldwide is not available.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Allocation of Resources Without Limits

Weakness Enumeration

Related Identifiers

AZL-64595
AZL-70642
BDU:2025-14093
CVE-2025-38140
ECHO-DAA6-BAC5-6971
OPENSUSE-SU-2025:20081-1
SUSE-SU-2025:21074-1
SUSE-SU-2025:21139-1
SUSE-SU-2025:21179-1
USN-7769-1
USN-7769-2
USN-7769-3
USN-7770-1
USN-7771-1
USN-7789-1
USN-7789-2

Affected Products

Astra Linux
Debian
Linuxmint
Linux Kernel
Suse
Ubuntu