Zoned Device Management Issue in Linux Kernel Affecting Multiple Platforms
CVE-2025-38140

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 3 July 2025

What is CVE-2025-38140?

The vulnerability in the Linux kernel pertains to zoned device management where the dm_revalidate_zones() function inadequately processes devices with existing zone write plug resources. This flaw can lead to mismatched zoned settings and potential errors when accessing disk zones, impacting system stability and data integrity. Instead of allowing arbitrary changes, the solution restricts table reloads that could modify the zoned settings for devices with allocated zone plug resources, ensuring that only compatible configurations are utilized.

Affected Version(s)

Linux bb37d77239af25cde59693dbe3fac04dd17d7b29

Linux bb37d77239af25cde59693dbe3fac04dd17d7b29 < 121218bef4c1df165181f5cd8fc3a2246bac817e

Linux 5.14

References

https://git.kernel.org/stable/c/ac8acb0bfd98a1c65f3ca9a3e...

https://git.kernel.org/stable/c/121218bef4c1df165181f5cd8...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 3, 2025
Vulnerability Reserved
Apr 16, 2025