Linux Kernel Vulnerability in dm Cache Policy for Device Mapping Failures
CVE-2025-38066

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 18 June 2025

What is CVE-2025-38066?

A vulnerability exists in the Linux kernel affecting the dm cache mechanism, where a cache device may fail to resume due to mapping errors. When attempting to load cache mappings after a failed resume operation, the system risks triggering a critical error, denoted by the BUG_ON assertion. This situation arises when the cache metadata encompasses partially initialized policy objects, leaving the system vulnerable to operational disruptions. The issue has been addressed by preventing retries on resume operations when initial attempts fail, thereby mitigating the risks associated with incomplete cache policies.

Affected Version(s)

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 025c8f477625eb39006ded650e7d027bcfb20e79

References

https://git.kernel.org/stable/c/c614584c2a66b538f469089ac...

https://git.kernel.org/stable/c/c5356a5e80442131e2714d0d2...

https://git.kernel.org/stable/c/025c8f477625eb39006ded650...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 18, 2025
Vulnerability Reserved
Apr 16, 2025