Use-After-Free Vulnerability in Linux Kernel Affecting Device Mapper
CVE-2025-38141

Currently unrated

Key Information:

Vendor: Linux

CVE Published: 3 July 2025

What is CVE-2025-38141?

In the Linux kernel, a vulnerability in the device mapper component can lead to a use-after-free condition. The issue arises when the function dm_get_live_table() returns NULL, which prevents the proper release of resources via dm_put_live_table(). During normal operations, if the zone revalidation is modified while one process is setting up zone append emulation resources, another concurrent process may trigger the dm_blk_report_zones() function. If the resource allocation fails, the resources may be freed while the other process is still accessing them. Avoiding this conflict requires tracking which process is accessing the shared resources.

Affected Version(s)

Linux f211268ed1f9bdf48f06a3ead5f5d88437450579

Linux f211268ed1f9bdf48f06a3ead5f5d88437450579 < 37f53a2c60d03743e0eacf7a0c01c279776fef4e

Timeline

  • Vulnerability published

  • Vulnerability Reserved
