CVE-2025-38172

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> erofs: avoid using multiple devices with different type<br /> <br /> For multiple devices, both primary and extra devices should be the<br /> same type. `erofs_init_device` has already guaranteed that if the<br /> primary is a file-backed device, extra devices should also be<br /> regular files.<br /> <br /> However, if the primary is a block device while the extra device<br /> is a file-backed device, `erofs_init_device` will get an ENOTBLK,<br /> which is not treated as an error in `erofs_fc_get_tree`, and that<br /> leads to an UAF:<br /> <br /> erofs_fc_get_tree<br /> get_tree_bdev_flags(erofs_fc_fill_super)<br /> erofs_read_superblock<br /> erofs_init_device // sbi-&gt;dif0 is not inited yet,<br /> // return -ENOTBLK<br /> deactivate_locked_super<br /> free(sbi)<br /> if (err is -ENOTBLK)<br /> sbi-&gt;dif0.file = filp_open() // sbi UAF<br /> <br /> So if -ENOTBLK is hitted in `erofs_init_device`, it means the<br /> primary device must be a block device, and the extra device<br /> is not a block device. The error can be converted to -EINVAL.