Race Condition Vulnerability in Linux Kernel Affecting Block Device Management
CVE-2025-38073

Currently unrated

Key Information:

Vendor

Linux
Status
Linux
Vendor
CVE Published:
18 June 2025

What is CVE-2025-38073?

A race condition vulnerability in the Linux kernel can cause a system crash due to a conflict between block size operations and concurrent reading processes. When a block device's block size is modified while another process is attempting to read from it, the kernel may attempt to schedule reads without properly referencing the block device. This can lead to NULL references and crashes. The issue arises especially when large sector size support is enabled, impacting overall system stability. Proper locking mechanisms must be enforced during updates to ensure safe operations across all concurrent processes.

Affected Version(s)

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 64f505b08e0cfd8163491c8c082d4f47a88e51d4

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 8c5cf440a378801d313eb58be996fdc81a8878a4

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

References

https://git.kernel.org/stable/c/64f505b08e0cfd8163491c8c0...
https://git.kernel.org/stable/c/8c5cf440a378801d313eb58be...
https://git.kernel.org/stable/c/c0e473a0d226479e8e925d5ba...

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2025-38073 : Race Condition Vulnerability in Linux Kernel Affecting Block Device Management