CVE-2025-38172
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-38172
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38172.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-38172
- Downstream
- Published
- 2025-07-03T08:36:10Z
- Modified
- 2025-10-10T12:19:12.336576Z
- Summary
- erofs: avoid using multiple devices with different type
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
erofs: avoid using multiple devices with different type
For multiple devices, both primary and extra devices should be the same type.
erofs_init_devicehas already guaranteed that if the primary is a file-backed device, extra devices should also be regular files.However, if the primary is a block device while the extra device is a file-backed device,
erofs_init_devicewill get an ENOTBLK, which is not treated as an error inerofs_fc_get_tree, and that leads to an UAF:erofsfcgettree gettreebdevflags(erofsfcfillsuper) erofsreadsuperblock erofsinitdevice // sbi->dif0 is not inited yet, // return -ENOTBLK deactivatelockedsuper free(sbi) if (err is -ENOTBLK) sbi->dif0.file = filpopen() // sbi UAF
So if -ENOTBLK is hitted in
erofs_init_device, it means the primary device must be a block device, and the extra device is not a block device. The error can be converted to -EINVAL. - References
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedfb176750266a3d7f42ebdcf28e8ba40350b27847Fixed65115472f741ca000d7ea4a5922214f93cd1516e
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedfb176750266a3d7f42ebdcf28e8ba40350b27847Fixedcd04beb9ce2773a16057248bb4fa424068ae3807
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedfb176750266a3d7f42ebdcf28e8ba40350b27847Fixed9748f2f54f66743ac77275c34886a9f890e18409