DEBIAN-CVE-2025-38172

See a problem?
Please try reporting it to the source first.
Source
https://security-tracker.debian.org/tracker/CVE-2025-38172
Import Source
https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2025-38172.json
JSON Data
https://api.osv.dev/v1/vulns/DEBIAN-CVE-2025-38172
Upstream
Published
2025-07-03T09:15:32Z
Modified
2025-09-25T04:39:55.778398Z
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved: erofs: avoid using multiple devices with different type For multiple devices, both primary and extra devices should be the same type. erofs_init_device has already guaranteed that if the primary is a file-backed device, extra devices should also be regular files. However, if the primary is a block device while the extra device is a file-backed device, erofs_init_device will get an ENOTBLK, which is not treated as an error in erofs_fc_get_tree, and that leads to an UAF: erofsfcgettree gettreebdevflags(erofsfcfillsuper) erofsreadsuperblock erofsinitdevice // sbi->dif0 is not inited yet, // return -ENOTBLK deactivatelockedsuper free(sbi) if (err is -ENOTBLK) sbi->dif0.file = filpopen() // sbi UAF So if -ENOTBLK is hitted in erofs_init_device, it means the primary device must be a block device, and the extra device is not a block device. The error can be converted to -EINVAL.

References

Affected packages

Debian:13 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.12.35-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:14 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.12.35-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}