CVE-2025-38708

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contains a flaw within the DRBD module related to handling write conflicts when two-primaries is enabled. A missing kref get in the handle write conflicts function can lead to premature destruction of the device and a use-after-free condition, potentially resulting in kernel crashes. The issue occurs when handling "superseeded" writes. The vulnerability is unlikely to be triggered in real-world scenarios, as it primarily affects test cases or configurations where concurrent writes are not properly managed by upper layers like cluster file systems or virtualization environments. In DRBD 9, the handling of write conflicts has been modified to disconnect hard instead of attempting to resolve them, shifting the responsibility for managing concurrent writes to the upper layers.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.