PT-2025-34382 · Linux+1 · Linux Kernel+1

Published: 2025-07-31 · Updated: 2025-08-22 · CVE-2025-38620

CVSS v3.1: 7.8 High

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)
Description: The Linux kernel contains a use-after-free issue within the zloop module. When a zoned loop device (zloop device) is removed, the `blk_mq_free_tag_set()` function accesses memory that has already been freed, leading to a kernel bug reported by KASAN (Kernel Address Sanitizer). Specifically, the `zloop_ctl_remove()` function calls `put_disk()`, which then invokes `zloop_free_disk()`. `zloop_free_disk()` frees the memory associated with the `zlo` pointer. Subsequently, `zloop_ctl_remove()` calls `blk_mq_free_tag_set(&zlo->tag_set)`, attempting to access the freed `zlo` memory.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
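The teardown order in the description can be reproduced as a small userspace model; this is an added example, not kernel code and not the fix shipped by the kernel project. The struct, the `model_*` helpers and the alternative ordering (freeing the tag set from the release callback) are assumptions made for illustration.

```c
#include <stdbool.h>

/* Userspace model only: names echo the description, bodies are stand-ins. */
struct zloop_model {
    int  disk_refs;            /* references held on the disk */
    bool tag_set_live;         /* stands in for zlo->tag_set */
    bool freed;                /* set instead of free(), so misuse is observable */
    bool free_tags_in_release; /* assumed alternative ordering */
    int  bad_accesses;         /* tag-set calls made after zlo was released */
};

/* Stand-in for blk_mq_free_tag_set(&zlo->tag_set). */
static void model_free_tag_set(struct zloop_model *zlo)
{
    if (zlo->freed)
        zlo->bad_accesses++;   /* the access KASAN reports */
    else
        zlo->tag_set_live = false;
}

/* Stand-in for zloop_free_disk(), run when the last reference is dropped. */
static void model_free_disk(struct zloop_model *zlo)
{
    if (zlo->free_tags_in_release)
        model_free_tag_set(zlo);
    zlo->freed = true;
}

/* Stand-in for put_disk(). */
static void model_put_disk(struct zloop_model *zlo)
{
    if (--zlo->disk_refs == 0)
        model_free_disk(zlo);
}

/* Order from the description: put_disk(), then free the tag set. */
int remove_as_described(struct zloop_model *zlo)
{
    model_put_disk(zlo);
    model_free_tag_set(zlo);
    return zlo->bad_accesses;
}

/* Assumed alternative: the release callback frees the tag set, and the
 * caller makes no tag-set call after the put. */
int remove_release_owns_tags(struct zloop_model *zlo)
{
    zlo->free_tags_in_release = true;
    model_put_disk(zlo);
    return zlo->bad_accesses;
}
```

In this model the described order only misbehaves when `put_disk()` drops the last reference, which is why lifetime bugs of this kind can pass casual testing and surface only under a sanitizer such as KASAN.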

Exploit

Use After Free

Weakness Enumeration

Related Identifiers

BDU:2026-02821
CVE-2025-38620

Affected Products

Astra Linux
Linux Kernel