Linux Kernel Vulnerability in AOE Device Handling
CVE-2025-38326

Currently unrated

Key Information:

Vendor: Linux

CVE Published: 10 July 2025

What is CVE-2025-38326?

A vulnerability has been identified in the Linux kernel's handling of AOE device requests. When an AOE device is taken offline, the rq_list, which holds accepted block requests awaiting transmission, is not properly cleared. As a result, the blk_mq_freeze_queue() function may block indefinitely on the unprocessed requests, hanging the system. The fix cleans the request queue before the freeze operation is executed, which prevents the hang.
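A user-space C model of the hang and the fix described above, added here as an illustration and not taken from the kernel source or the upstream patch. Every struct, field and function name other than rq_list is an assumption, and in_flight stands in for the block layer's count of outstanding requests.

```c
#include <stdbool.h>
#include <stddef.h>
/* User-space model constructed for illustration; every name here is hypothetical. */
struct request {
    struct request *next;
    int status;               /* 0 = pending, -5 = completed with an I/O error */
};

struct aoe_model {
    struct request *rq_list;  /* accepted requests awaiting transmission */
    int in_flight;            /* requests the block layer still counts against the queue */
};

/* The block layer hands a request to the driver, which parks it on rq_list. */
static void accept_request(struct aoe_model *d, struct request *rq)
{
    rq->status = 0;
    rq->next = d->rq_list;
    d->rq_list = rq;
    d->in_flight++;
}

/* Fail everything still parked on rq_list so nothing is left outstanding. */
static void fail_pending(struct aoe_model *d)
{
    while (d->rq_list != NULL) {
        struct request *rq = d->rq_list;
        d->rq_list = rq->next;
        rq->status = -5;
        d->in_flight--;
    }
}

/* The real blk_mq_freeze_queue() sleeps until nothing is outstanding; return whether it would wake. */
static bool take_offline(struct aoe_model *d, bool clear_rq_list)
{
    if (clear_rq_list)
        fail_pending(d);
    return d->in_flight == 0;
}

int main(void)
{
    struct request a, b;
    struct aoe_model d = { NULL, 0 };
    accept_request(&d, &a);
    accept_request(&d, &b);
    return take_offline(&d, true) ? 0 : 1;
}
```

With clear_rq_list set to false the model reports that the freeze would never return, which is the hang the CVE describes.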

Affected Version(s)

Linux 3582dd291788e9441c3ba9047e55089edb98da5c

Linux 3582dd291788e9441c3ba9047e55089edb98da5c < 64fc0bad62ed38874131dd0337d844a43bd1017e

