#VU112784 Improper locking in Linux kernel - CVE-2025-38326


Vulnerability identifier: #VU112784

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38326

CWE-ID: CWE-667

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the aoedev_downdev() function in drivers/block/aoe/aoedev.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's repository.

Vulnerable software versions

Linux kernel: All versions

External links
https://git.kernel.org/stable/c/00be74e1470af292c37a438b8e69dee47dcbf481
https://git.kernel.org/stable/c/531aef4a1accb13b21a3b82ec29955f4733367d5
https://git.kernel.org/stable/c/64fc0bad62ed38874131dd0337d844a43bd1017e
https://git.kernel.org/stable/c/7f90d45e57cb2ef1f0adcaf925ddffdfc5e680ca
https://git.kernel.org/stable/c/8662ac79a63488e279b91c12a72b02bc0dc49f7b
https://git.kernel.org/stable/c/ed52e9652ba41d362e9ec923077f6da23336f269
https://git.kernel.org/stable/c/ef0b5bbbed7f220db2e9c73428f9a36e8dfc69ca
https://git.kernel.org/stable/c/fa2a79f0da92614c5dc45c8b3d2638681c7734ee

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?


Latest bulletins with this vulnerability


openEuler 24.03 LTS SP1 update for kernel
openEuler 24.03 LTS SP2 update for kernel
openEuler 24.03 LTS update for kernel
Ubuntu update for linux-hwe-6.14
Ubuntu update for linux-gcp-6.14
Ubuntu update for linux-aws-6.14
Anolis OS update for kernel:6.6
Ubuntu update for linux
Ubuntu update for linux-azure
Ubuntu update for linux-realtime-6.14