CVE-2025-38140 — Incorrect Calculation of Buffer Size in Linux
Severity
5.5MEDIUMNVD
EPSS
0.0%
top 90.00%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJul 3
Latest updateDec 3
Description
In the Linux kernel, the following vulnerability has been resolved:
dm: limit swapping tables for devices with zone write plugs
dm_revalidate_zones() only allowed new or previously unzoned devices to
call blk_revalidate_disk_zones(). If the device was already zoned,
disk->nr_zones would always equal md->nr_zones, so dm_revalidate_zones()
returned without doing any work. This would make the zoned settings for
the device not match the new table. If the device had zone write plug
resources, it co…
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6
Affected Packages17 packages
Patches
🔴Vulnerability Details
9OSV▶
linux, linux-aws, linux-gcp, linux-gcp-6.14, linux-oracle, linux-realtime vulnerabilities↗2025-12-03