{"id":"CVE-2025-38141","summary":"dm: fix dm_blk_report_zones","details":"In the Linux kernel, the following vulnerability has been resolved:\n\ndm: fix dm_blk_report_zones\n\nIf dm_get_live_table() returned NULL, dm_put_live_table() was never\ncalled. Also, it is possible that md-\u003ezone_revalidate_map will change\nwhile calling this function. Only read it once, so that we are always\nusing the same value. Otherwise we might miss a call to\ndm_put_live_table().\n\nFinally, while md-\u003ezone_revalidate_map is set and a process is calling\nblk_revalidate_disk_zones() to set up the zone append emulation\nresources, it is possible that another process, perhaps triggered by\nblkdev_report_zones_ioctl(), will call dm_blk_report_zones(). If\nblk_revalidate_disk_zones() fails, these resources can be freed while\nthe other process is still using them, causing a use-after-free error.\n\nblk_revalidate_disk_zones() will only ever be called when initially\nsetting up the zone append emulation resources, such as when setting up\na zoned dm-crypt table for the first time. Further table swaps will not\nset md-\u003ezone_revalidate_map or call blk_revalidate_disk_zones().\nHowever it must be called using the new table (referenced by\nmd-\u003ezone_revalidate_map) and the new queue limits while the DM device is\nsuspended. dm_blk_report_zones() needs some way to distinguish between a\ncall from blk_revalidate_disk_zones(), which must be allowed to use\nmd-\u003ezone_revalidate_map to access this not yet activated table, and all\nother calls to dm_blk_report_zones(), which should not be allowed while\nthe device is suspended and cannot use md-\u003ezone_revalidate_map, since\nthe zone resources might be freed by the process currently calling\nblk_revalidate_disk_zones().\n\nSolve this by tracking the process that sets md-\u003ezone_revalidate_map in\ndm_revalidate_zones() and only allowing that process to make use of it\nin dm_blk_report_zones().","modified":"2026-04-02T12:47:49.487615Z","published":"2025-07-03T08:35:42.787Z","related":["ALSA-2026:1143","ALSA-2026:4012","SUSE-SU-2025:21074-1","SUSE-SU-2025:21139-1","SUSE-SU-2025:21179-1","openSUSE-SU-2025:20081-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38141.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/37f53a2c60d03743e0eacf7a0c01c279776fef4e"},{"type":"WEB","url":"https://git.kernel.org/stable/c/d19bc1b4dd5f322980b1f05f79b2ea4f0db10920"},{"type":"WEB","url":"https://git.kernel.org/stable/c/f9c1bdf24615303d48a2d0fd629c88f3189563aa"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38141.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-38141"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"f211268ed1f9bdf48f06a3ead5f5d88437450579"},{"fixed":"f9c1bdf24615303d48a2d0fd629c88f3189563aa"},{"fixed":"d19bc1b4dd5f322980b1f05f79b2ea4f0db10920"},{"fixed":"37f53a2c60d03743e0eacf7a0c01c279776fef4e"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-38141.json"}}],"schema_version":"1.7.5"}