CVE-2025-38172

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2025-38172
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38172.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-38172
Downstream
Published
2025-07-03T09:15:32Z
Modified
2025-08-09T20:01:27Z
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

erofs: avoid using multiple devices with different type

For multiple devices, both primary and extra devices should be the same type. erofs_init_device has already guaranteed that if the primary is a file-backed device, extra devices should also be regular files.

However, if the primary is a block device while the extra device is a file-backed device, erofs_init_device will get an ENOTBLK, which is not treated as an error in erofs_fc_get_tree, and that leads to an UAF:

erofsfcgettree gettreebdevflags(erofsfcfillsuper) erofsreadsuperblock erofsinitdevice // sbi->dif0 is not inited yet, // return -ENOTBLK deactivatelockedsuper free(sbi) if (err is -ENOTBLK) sbi->dif0.file = filpopen() // sbi UAF

So if -ENOTBLK is hitted in erofs_init_device, it means the primary device must be a block device, and the extra device is not a block device. The error can be converted to -EINVAL.

References

Affected packages