Two-Primaries DRBD Vulnerability in Linux Kernel Affecting Data Integrity
CVE-2025-38708

Currently unrated

Key Information:

Vendor

Linux
Status
Linux
Vendor
CVE Published:
4 September 2025

What is CVE-2025-38708?

A vulnerability exists in the Linux kernel's DRBD where the lack of a required reference count increase ('kref_get') leads to potential use after free errors when handling concurrent writes. This issue is pertinent mainly when the 'two-primaries' feature is enabled. Although designed to manage concurrent writes effectively, the oversight can result in device destruction and subsequent kernel crashes, particularly affecting systems not correctly managing concurrent writes through upper layers. Modern implementations of DRBD in subsequent versions have adjusted their handling of conflicts, simplifying the logic to disconnect on detecting potential issues.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Linux 668700b40a7c8727bbd2b3fd4fd22e0ce3f1aeb6 < 0336bfe9c237476bd7c45605a36ca79c2bca62e5

Linux 668700b40a7c8727bbd2b3fd4fd22e0ce3f1aeb6 < 810cd546a29bfac90ed1328ea01d693d4bd11cb1

Linux 668700b40a7c8727bbd2b3fd4fd22e0ce3f1aeb6 < 84ef8dd3238330d1795745ece83b19f0295751bf

References

https://git.kernel.org/stable/c/0336bfe9c237476bd7c45605a...
https://git.kernel.org/stable/c/810cd546a29bfac90ed1328ea...
https://git.kernel.org/stable/c/84ef8dd3238330d1795745ece...

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.