CVE-2025-38141

Description

In the Linux kernel, the following vulnerability has been resolved:

dm: fix dm_blk_report_zones

If dm_get_live_table() returned null, dm_put_live_table() was never called. Also, it is possible that md->zone_revalidate_map will change while calling this function. Only read it once, so that we are always using the same value. Otherwise we might miss a call to dm_put_live_table().

Finally, while md->zone_revalidate_map is set and a process is calling blk_revalidate_disk_zones() to set up the zone append emulation resources, it is possible that another process, perhaps triggered by blkdev_report_zones_ioctl(), will call dm_blk_report_zones(). If blk_revalidate_disk_zones() fails, these resources can be freed while the other process is still using them, causing a use-after-free error.

blk_revalidate_disk_zones() will only ever be called when initially setting up the zone append emulation resources, such as when setting up a zoned dm-crypt table for the first time. Further table swaps will not set md->zone_revalidate_map or call blk_revalidate_disk_zones(). However it must be called using the new table (referenced by md->zone_revalidate_map) and the new queue limits while the DM device is suspended. dm_blk_report_zones() needs some way to distinguish between a call from blk_revalidate_disk_zones(), which must be allowed to use md->zone_revalidate_map to access this not yet activated table, and all other calls to dm_blk_report_zones(), which should not be allowed while the device is suspended and cannot use md->zone_revalidate_map, since the zone resources might be freed by the process currently calling blk_revalidate_disk_zones().

Solve this by tracking the process that sets md->zone_revalidate_map in dm_revalidate_zones() and only allowing that process to make use of it in dm_blk_report_zones().
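The owner check and the balanced get/put described above, as an added example that is not the kernel patch: a single-threaded user-space model in C that shows the decision logic only, not the race itself. All struct, field and function names, the task ids and the error codes are assumptions of this sketch.

```c
#include <errno.h>
#include <stddef.h>

/* User-space model; all names are hypothetical stand-ins, not kernel code. */
struct table { int id; };
struct mapped_dev {
    struct table *live;           /* activated table, may be NULL */
    struct table *revalidate_map; /* new table, not yet activated */
    int revalidate_task;          /* task that set revalidate_map */
    int suspended;
    int readers;                  /* models the live-table read lock */
};

static struct table *get_live_table(struct mapped_dev *md)
{
    md->readers++;                /* lock is held even if live is NULL */
    return md->live;
}
static void put_live_table(struct mapped_dev *md) { md->readers--; }

/* Returns the id of the table used, or a negative errno (model's choice). */
static int report_zones(struct mapped_dev *md, int task)
{
    /* Read once; real concurrent code needs a READ_ONCE-style load here. */
    struct table *pending = md->revalidate_map;
    struct table *map;
    int ret;

    if (pending && md->revalidate_task == task)
        return pending->id;       /* only the revalidating task sees it */
    if (md->suspended)
        return -EAGAIN;           /* other callers are refused while suspended */
    map = get_live_table(md);
    ret = map ? map->id : -EIO;
    put_live_table(md);           /* released on the NULL path too */
    return ret;
}

/* Constructed scenario: task 7 revalidates table 2 on a suspended device. */
static int demo_suspended(int caller)
{
    struct table pending = { 2 };
    struct mapped_dev md = { NULL, &pending, 7, 1, 0 };
    return report_zones(&md, caller);
}
/* Constructed scenario: running device, no live table; returns lock depth. */
static int demo_null_live_depth(void)
{
    struct mapped_dev md = { NULL, NULL, 0, 0, 0 };
    report_zones(&md, 1);
    return md.readers;
}
```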

Risk Information

Base Score
7.8
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.015

Associated Vulnerability

No records found

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234