Stack Memory Vulnerability in Linux Kernel's RAID1 Functionality
CVE-2025-38445

Currently unrated

Key Information:

Vendor: Linux

Status
Vendor
CVE Published: 25 July 2025

What is CVE-2025-38445?

A vulnerability in the Linux kernel's RAID1 functionality can lead to critical system instability due to improper handling of stack memory. In the raid1_reshape function, newpool is allocated on the stack and erroneously assigned to conf->r1bio_pool. As a result, the wait.head of r1bio_pool can reference an invalid stack address, and subsequent operations that access this memory cause a kernel panic. Proper reassignment of memory pool structures is necessary to mitigate potential crashes.
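The pattern described above, reduced to a userspace model (an added example, not kernel code and not the upstream patch). The struct layouts and the names pool_init, wait_head_valid, reshape_by_copy and reshape_copy_then_reinit are assumptions made for illustration; the second function shows one way to leave the list head consistent after the copy.

```c
#include <stdbool.h>
#include <stdio.h>

/* Userspace stand-ins for the kernel types; shapes are assumptions. */
struct list_head { struct list_head *next, *prev; };
struct wait_queue_head { struct list_head head; };
struct pool { int min_nr; struct wait_queue_head wait; }; /* models mempool_t */

static void pool_init(struct pool *p, int min_nr)
{
    p->min_nr = min_nr;
    p->wait.head.next = &p->wait.head; /* an empty list points at itself */
    p->wait.head.prev = &p->wait.head;
}

/* A consistent empty wait list refers to the address it is stored at. */
static bool wait_head_valid(const struct pool *p)
{
    return p->wait.head.next == &p->wait.head &&
           p->wait.head.prev == &p->wait.head;
}

/* Pattern from the description: build on the stack, then struct-copy. */
static bool reshape_by_copy(struct pool *dst, int min_nr)
{
    struct pool newpool; /* lives only in this stack frame */
    pool_init(&newpool, min_nr);
    *dst = newpool; /* dst->wait.head.next is still &newpool.wait.head */
    return wait_head_valid(dst); /* checked before the frame is released */
}

/* One corrected form (illustrative): re-link the head after the copy. */
static bool reshape_copy_then_reinit(struct pool *dst, int min_nr)
{
    struct pool newpool;
    pool_init(&newpool, min_nr);
    *dst = newpool;
    dst->wait.head.next = &dst->wait.head;
    dst->wait.head.prev = &dst->wait.head;
    return wait_head_valid(dst);
}

int main(void)
{
    struct pool r1bio_pool; /* stands in for conf->r1bio_pool */
    printf("copy only:      valid=%d\n", reshape_by_copy(&r1bio_pool, 4));
    printf("copy + re-init: valid=%d\n", reshape_copy_then_reinit(&r1bio_pool, 4));
    return 0;
}
```

The validity check only compares addresses and never follows the stale pointer, so the model shows the inconsistency without reproducing the crash.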

Affected Version(s)

Linux afeee514ce7f4cab605beedd03be71ebaf0c5fc8

Linux afeee514ce7f4cab605beedd03be71ebaf0c5fc8 < 12b00ec99624f8da8c325f2dd6e807df26df0025

Linux afeee514ce7f4cab605beedd03be71ebaf0c5fc8 < 48da050b4f54ed639b66278d0ae6f4107b2c4e2d

Timeline

  • Vulnerability published

  • Vulnerability Reserved
