CVE-2025-38140

Severity CVSS v4.0: Pending analysis
Type: Unavailable / Other
Publication date: 03/07/2025
Last modified: 03/07/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

dm: limit swapping tables for devices with zone write plugs

dm_revalidate_zones() only allowed new or previously unzoned devices to call blk_revalidate_disk_zones(). If the device was already zoned, disk->nr_zones would always equal md->nr_zones, so dm_revalidate_zones() returned without doing any work. This would make the zoned settings for the device not match the new table. If the device had zone write plug resources, it could run into errors like bdev_zone_is_seq() reading invalid memory because disk->conv_zones_bitmap was the wrong size.

If the device doesn't have any zone write plug resources, calling blk_revalidate_disk_zones() will always correctly update device. If blk_revalidate_disk_zones() fails, it can still overwrite or clear the current disk->nr_zones value. In this case, DM must restore the previous value of disk->nr_zones, so that the zoned settings will continue to match the previous value that it fell back to.

If the device already has zone write plug resources, blk_revalidate_disk_zones() will not correctly update them, if it is called for arbitrary zoned device changes. Since there is not much need for this ability, the easiest solution is to disallow any table reloads that change the zoned settings, for devices that already have zone plug resources. Specifically, if a device already has zone plug resources allocated, it can only switch to another zoned table that also emulates zone append. Also, it cannot change the device size or the zone size. A device can switch to an error target.
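The two rules in the description, as a user-space C model added here for illustration (it is not the kernel patch or any project code): the reload admission check for devices that already have zone write plug resources, and the save-and-restore of nr_zones around a failed revalidation. Every struct, field and function name is hypothetical, and a failed blk_revalidate_disk_zones() is simulated by a flag that clears the zone count.

```c
#include <stdbool.h>
#include <stdint.h>

/* User-space model only: every struct and function name here is hypothetical. */
struct zoned_cfg {
    bool zoned, emulates_append, error_target;
    uint64_t capacity, zone_sectors;     /* both in sectors */
};
struct model_dev {
    struct zoned_cfg cur;                /* settings of the active table */
    bool has_zone_wplugs;                /* zone write plug resources allocated */
    unsigned int nr_zones;               /* stands in for disk->nr_zones */
};

static unsigned int cfg_nr_zones(const struct zoned_cfg *c)
{
    if (!c->zoned || !c->zone_sectors)
        return 0;
    return (unsigned int)((c->capacity + c->zone_sectors - 1) / c->zone_sectors);
}

/* With plugs allocated: only a same-geometry zone-append table or an error target. */
static bool reload_allowed(const struct model_dev *d, const struct zoned_cfg *n)
{
    if (!d->has_zone_wplugs || n->error_target)
        return true;
    return n->zoned && n->emulates_append &&
           n->capacity == d->cur.capacity &&
           n->zone_sectors == d->cur.zone_sectors;
}

/* No-plug path: save nr_zones, because a failed revalidation may clear it. */
static int revalidate_with_restore(struct model_dev *d, const struct zoned_cfg *n,
                                   bool ok)
{
    unsigned int saved = d->nr_zones;
    d->nr_zones = ok ? cfg_nr_zones(n) : 0;   /* simulated failure clears it */
    if (!ok) {
        d->nr_zones = saved;             /* keep matching the fallback table */
        return -1;
    }
    d->cur = *n;
    return 0;
}

int main(void)
{
    struct model_dev d = { { true, true, false, 1024, 256 }, true, 4 };
    struct zoned_cfg n = { true, true, false, 1024, 128 };  /* zone size changed */
    return reload_allowed(&d, &n) ? 1 : 0;   /* exits 0: reload refused */
}
```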

Impact