CVE-2025-38140
Severity CVSS v4.0: Pending analysis
Type: Unavailable / Other
Publication date: 03/07/2025
Last modified: 03/07/2025
Description
In the Linux kernel, the following vulnerability has been resolved:

dm: limit swapping tables for devices with zone write plugs

dm_revalidate_zones() only allowed new or previously unzoned devices to
call blk_revalidate_disk_zones(). If the device was already zoned,
disk->nr_zones would always equal md->nr_zones, so dm_revalidate_zones()
returned without doing any work. This would make the zoned settings for
the device not match the new table. If the device had zone write plug
resources, it could run into errors like bdev_zone_is_seq() reading
invalid memory because disk->conv_zones_bitmap was the wrong size.

If the device doesn't have any zone write plug resources, calling
blk_revalidate_disk_zones() will always correctly update device. If
blk_revalidate_disk_zones() fails, it can still overwrite or clear the
current disk->nr_zones value. In this case, DM must restore the previous
value of disk->nr_zones, so that the zoned settings will continue to
match the previous value that it fell back to.

If the device already has zone write plug resources,
blk_revalidate_disk_zones() will not correctly update them, if it is
called for arbitrary zoned device changes. Since there is not much need
for this ability, the easiest solution is to disallow any table reloads
that change the zoned settings, for devices that already have zone plug
resources. Specifically, if a device already has zone plug resources
allocated, it can only switch to another zoned table that also emulates
zone append. Also, it cannot change the device size or the zone size. A
device can switch to an error target.
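
The reload rule and the nr_zones restore described above, written as a simplified user-space C model. This is an added example, not the kernel patch; every type and function name in it is hypothetical and the sample device values are constructed.

```c
#include <stdbool.h>
#include <stdint.h>

/* Simplified user-space model; all names are hypothetical, not kernel symbols. */
enum target_kind { TGT_ZONED, TGT_UNZONED, TGT_ERROR };

struct table_model {              /* the table being loaded */
    enum target_kind kind;
    bool emulates_zone_append;
    uint64_t dev_sectors;         /* device size */
    uint64_t zone_sectors;        /* zone size */
};

struct dev_model {                /* the live device */
    bool has_zone_wplugs;         /* zone write plug resources allocated */
    uint64_t dev_sectors;
    uint64_t zone_sectors;
    unsigned int nr_zones;
};

/* Admission rule from the description: may table t replace the current one? */
bool reload_allowed(const struct dev_model *d, const struct table_model *t)
{
    if (!d->has_zone_wplugs)
        return true;              /* revalidation can update the device correctly */
    if (t->kind == TGT_ERROR)
        return true;              /* switching to an error target is permitted */
    if (t->kind != TGT_ZONED || !t->emulates_zone_append)
        return false;             /* must stay zoned and keep emulating zone append */
    return t->dev_sectors == d->dev_sectors && t->zone_sectors == d->zone_sectors;
}

/* Stand-in for a revalidation that fails after clearing nr_zones (constructed). */
int failing_reval(struct dev_model *d) { d->nr_zones = 0; return -1; }

/* No-plug path: on failure, put back the nr_zones of the table fallen back to. */
int revalidate_or_restore(struct dev_model *d, int (*reval)(struct dev_model *))
{
    unsigned int saved = d->nr_zones;
    int ret = reval(d);
    if (ret)
        d->nr_zones = saved;
    return ret;
}

/* Returns nr_zones after a failed revalidation on a constructed 64-zone device. */
unsigned int nr_zones_after_failure(void)
{
    struct dev_model d = { false, 1 << 20, 1 << 14, 64 };
    revalidate_or_restore(&d, failing_reval);
    return d.nr_zones;
}
```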