CVE-2025-38182

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-38182

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-38182.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-38182

Downstream

BELL-CVE-2025-38182

DEBIAN-CVE-2025-38182

ECHO-b080-e9b8-e4fa

MINI-7w62-44pq-mhh7

OESA-2025-1823

OESA-2025-1824

OESA-2025-1870

ROOT-OS-DEBIAN-12-CVE-2025-38182

ROOT-OS-UBUNTU-2404-CVE-2025-38182

SUSE-SU-2025:02853-1

SUSE-SU-2025:02923-1

SUSE-SU-2025:02969-1

SUSE-SU-2025:02996-1

SUSE-SU-2025:02997-1

SUSE-SU-2025:03011-1

SUSE-SU-2025:03023-1

SUSE-SU-2025:20577-1

SUSE-SU-2025:20586-1

SUSE-SU-2025:20601-1

SUSE-SU-2025:20602-1

SUSE-SU-2025:21074-1

SUSE-SU-2025:21139-1

SUSE-SU-2025:21179-1

openSUSE-SU-2025:20081-1

Related

Published

2025-07-04T13:37:09.637Z

Modified

2026-03-23T05:00:07.143689435Z

Summary

ublk: santizize the arguments from userspace when adding a device

Details

In the Linux kernel, the following vulnerability has been resolved:

ublk: santizize the arguments from userspace when adding a device

Sanity check the values for queue depth and number of queues we get from userspace when adding a device.

Database specific

{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38182.json"
}

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

71f28f3136aff5890cd56de78abc673f8393cad9

Fixed

3162d8235c8c4d585525cee8a59d1c180940a968

Fixed

0f8df5d6f25ac17c52a8bc6418e60a3e63130550

Fixed

e2b2b7cf6368580114851cb3932f2ad9fbf23386

Fixed

8c8472855884355caf3d8e0c50adf825f83454b2

Affected versions

v5.*

v5.19

v5.19-rc5

v5.19-rc6

v5.19-rc7

v5.19-rc8

v6.*

v6.0

v6.0-rc1

v6.0-rc2

v6.0-rc3

v6.0-rc4

v6.0-rc5

v6.0-rc6

v6.0-rc7

v6.1

v6.1-rc1

v6.1-rc2

v6.1-rc3

v6.1-rc4

v6.1-rc5

v6.1-rc6

v6.1-rc7

v6.1-rc8

v6.10

v6.10-rc1

v6.10-rc2

v6.10-rc3

v6.10-rc4

v6.10-rc5

v6.10-rc6

v6.10-rc7

v6.11

v6.11-rc1

v6.11-rc2

v6.11-rc3

v6.11-rc4

v6.11-rc5

v6.11-rc6

v6.11-rc7

v6.12

v6.12-rc1

v6.12-rc2

v6.12-rc3

v6.12-rc4

v6.12-rc5

v6.12-rc6

v6.12-rc7

v6.12.1

v6.12.10

v6.12.11

v6.12.12

v6.12.13

v6.12.14

v6.12.15

v6.12.16

v6.12.17

v6.12.18

v6.12.19

v6.12.2

v6.12.20

v6.12.21

v6.12.22

v6.12.23

v6.12.24

v6.12.25

v6.12.26

v6.12.27

v6.12.28

v6.12.29

v6.12.3

v6.12.30

v6.12.31

v6.12.32

v6.12.33

v6.12.34

v6.12.4

v6.12.5

v6.12.6

v6.12.7

v6.12.8

v6.12.9

v6.13

v6.13-rc1

v6.13-rc2

v6.13-rc3

v6.13-rc4

v6.13-rc5

v6.13-rc6

v6.13-rc7

v6.14

v6.14-rc1

v6.14-rc2

v6.14-rc3

v6.14-rc4

v6.14-rc5

v6.14-rc6

v6.14-rc7

v6.15

v6.15-rc1

v6.15-rc2

v6.15-rc3

v6.15-rc4

v6.15-rc5

v6.15-rc6

v6.15-rc7

v6.15.1

v6.15.2

v6.15.3

v6.2

v6.2-rc1

v6.2-rc2

v6.2-rc3

v6.2-rc4

v6.2-rc5

v6.2-rc6

v6.2-rc7

v6.2-rc8

v6.3

v6.3-rc1

v6.3-rc2

v6.3-rc3

v6.3-rc4

v6.3-rc5

v6.3-rc6

v6.3-rc7

v6.4

v6.4-rc1

v6.4-rc2

v6.4-rc3

v6.4-rc4

v6.4-rc5

v6.4-rc6

v6.4-rc7

v6.5

v6.5-rc1

v6.5-rc2

v6.5-rc3

v6.5-rc4

v6.5-rc5

v6.5-rc6

v6.5-rc7

v6.6

v6.6-rc1

v6.6-rc2

v6.6-rc3

v6.6-rc4

v6.6-rc5

v6.6-rc6

v6.6-rc7

v6.6.1

v6.6.10

v6.6.11

v6.6.12

v6.6.13

v6.6.14

v6.6.15

v6.6.16

v6.6.17

v6.6.18

v6.6.19

v6.6.2

v6.6.20

v6.6.21

v6.6.22

v6.6.23

v6.6.24

v6.6.25

v6.6.26

v6.6.27

v6.6.28

v6.6.29

v6.6.3

v6.6.30

v6.6.31

v6.6.32

v6.6.33

v6.6.34

v6.6.35

v6.6.36

v6.6.37

v6.6.38

v6.6.39

v6.6.4

v6.6.40

v6.6.41

v6.6.42

v6.6.43

v6.6.44

v6.6.45

v6.6.46

v6.6.47

v6.6.48

v6.6.49

v6.6.5

v6.6.50

v6.6.51

v6.6.52

v6.6.53

v6.6.54

v6.6.55

v6.6.56

v6.6.57

v6.6.58

v6.6.59

v6.6.6

v6.6.60

v6.6.61

v6.6.62

v6.6.63

v6.6.64

v6.6.65

v6.6.66

v6.6.67

v6.6.68

v6.6.69

v6.6.7

v6.6.70

v6.6.71

v6.6.72

v6.6.73

v6.6.74

v6.6.75

v6.6.76

v6.6.77

v6.6.78

v6.6.79

v6.6.8

v6.6.80

v6.6.81

v6.6.82

v6.6.83

v6.6.84

v6.6.85

v6.6.86

v6.6.87

v6.6.88

v6.6.89

v6.6.9

v6.6.90

v6.6.91

v6.6.92

v6.6.93

v6.6.94

v6.7

v6.7-rc1

v6.7-rc2

v6.7-rc3

v6.7-rc4

v6.7-rc5

v6.7-rc6

v6.7-rc7

v6.7-rc8

v6.8

v6.8-rc1

v6.8-rc2

v6.8-rc3

v6.8-rc4

v6.8-rc5

v6.8-rc6

v6.8-rc7

v6.9

v6.9-rc1

v6.9-rc2

v6.9-rc3

v6.9-rc4

v6.9-rc5

v6.9-rc6

v6.9-rc7

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-38182.json"

vanir_signatures

[
    {
        "signature_version": "v1",
        "target": {
            "file": "drivers/block/ublk_drv.c",
            "function": "ublk_ctrl_add_dev"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e2b2b7cf6368580114851cb3932f2ad9fbf23386",
        "deprecated": false,
        "digest": {
            "function_hash": "110024789926336721835561241321161993421",
            "length": 3211.0
        },
        "id": "CVE-2025-38182-942b8193",
        "signature_type": "Function"
    },
    {
        "signature_version": "v1",
        "digest": {
            "line_hashes": [
                "80173720803793118707242190831596863291",
                "290672608980350687586320652758428899938",
                "198172525471098860495492099041213067792"
            ],
            "threshold": 0.9
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e2b2b7cf6368580114851cb3932f2ad9fbf23386",
        "id": "CVE-2025-38182-ae8bac8b",
        "target": {
            "file": "drivers/block/ublk_drv.c"
        },
        "signature_type": "Line",
        "deprecated": false
    }
]