PT-2025-27727 · Linux+6 · Linux Kernel+6

Published

2025-04-10

Updated

2026-03-09

CVE-2025-38141

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)

Description: A vulnerability in the Linux kernel has been resolved, related to the dm blk report zones function. The issue arises when dm get live table() returns NULL, and dm put live table() is not called, potentially leading to a use-after-free error. This error can occur when blk revalidate disk zones() is called to set up zone append emulation resources, and another process calls dm blk report zones() while the resources are being freed. The vulnerability is mitigated by tracking the process that sets md->zone revalidate map in dm revalidate zones() and only allowing that process to use it in dm blk report zones().

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

ALSA-2026:1143

ALSA-2026:4012

BDU:2025-09635

CVE-2025-38141

OPENSUSE-SU-2025:20081-1

RHSA-2026:1143

RHSA-2026:4011

RHSA-2026:4012

RHSA-2026:6193

SUSE-SU-2025:21074-1

SUSE-SU-2025:21139-1

SUSE-SU-2025:21179-1

USN-7769-1

USN-7769-2

USN-7769-3

USN-7770-1

USN-7771-1

USN-7789-1

USN-7789-2

Affected Products

Astra Linux

Linuxmint

Linux Kernel

Red Os

Rocky Linux

Suse

Ubuntu

PT-2025-27727 · Linux+6 · Linux Kernel+6

CVE-2025-38141

Weakness Enumeration

Related Identifiers

Affected Products

References · 1512