CVE-2025-38708
published 2025-09-04CVE-2025-38708: In the Linux kernel, the following vulnerability has been resolved: drbd: add missing kref_get in handle_write_conflicts With `two-primaries` enabled, DRBD…
high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
In the Linux kernel, the following vulnerability has been resolved:
drbd: add missing kref_get in handle_write_conflicts
With `two-primaries` enabled, DRBD tries to detect "concurrent" writes
and handle write conflicts, so that even if you write to the same sector
simultaneously on both nodes, they end up with the identical data once
the writes are completed.
In handling "superseeded" writes, we forgot a kref_get,
resulting in a premature drbd_destroy_device and use after free,
and further to kernel crashes with symptoms.
Relevance: No one should use DRBD as a random data generator, and apparently
all users of "two-primaries" handle concurrent writes correctly on layer up.
That is cluster file systems use some distributed lock manager,
and live migration in virtualization environments stops writes on one node
before starting writes on the other node.
Which means that other than for "test cases",
this code path is never taken in real life.
FYI, in DRBD 9, things are handled differently nowadays. We still detect
"write conflicts", but no longer try to be smart about them.
We decided to disconnect hard instead: upper layers must not submit concurrent
writes. If they do, that's their fault.
Affected
38 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | linux | < linux 6.1.153-1 (bookworm) | linux 6.1.153-1 (bookworm) |
| debian | linux-6.1 | < linux 6.1.153-1 (bookworm) | linux 6.1.153-1 (bookworm) |
| linux | linux | — | — |
| linux | linux | >= 668700b40a7c8727bbd2b3fd4fd22e0ce3f1aeb6 < 0336bfe9c237476bd7c45605a36ca79c2bca62e5 | 0336bfe9c237476bd7c45605a36ca79c2bca62e5 |
| linux | linux | >= 668700b40a7c8727bbd2b3fd4fd22e0ce3f1aeb6 < 810cd546a29bfac90ed1328ea01d693d4bd11cb1 | 810cd546a29bfac90ed1328ea01d693d4bd11cb1 |
| linux | linux | >= 668700b40a7c8727bbd2b3fd4fd22e0ce3f1aeb6 < 84ef8dd3238330d1795745ece83b19f0295751bf | 84ef8dd3238330d1795745ece83b19f0295751bf |
| linux | linux | >= 668700b40a7c8727bbd2b3fd4fd22e0ce3f1aeb6 < 57418de35420cedab035aa1da8a26c0499b7f575 | 57418de35420cedab035aa1da8a26c0499b7f575 |
| linux | linux | >= 668700b40a7c8727bbd2b3fd4fd22e0ce3f1aeb6 < 9f53b2433ad248cd3342cc345f56f5c7904bd8c4 | 9f53b2433ad248cd3342cc345f56f5c7904bd8c4 |
| linux | linux | >= 668700b40a7c8727bbd2b3fd4fd22e0ce3f1aeb6 < 7d483ad300fc0a06f69b019dda8f74970714baf8 | 7d483ad300fc0a06f69b019dda8f74970714baf8 |
| linux | linux | >= 668700b40a7c8727bbd2b3fd4fd22e0ce3f1aeb6 < 46e3763dcae0ffcf8fcfaff4fc10a90a92ffdd89 | 46e3763dcae0ffcf8fcfaff4fc10a90a92ffdd89 |
| linux | linux | >= 668700b40a7c8727bbd2b3fd4fd22e0ce3f1aeb6 < 3a896498f6f577e57bf26aaa93b48c22b6d20c20 | 3a896498f6f577e57bf26aaa93b48c22b6d20c20 |
| linux | linux | >= 668700b40a7c8727bbd2b3fd4fd22e0ce3f1aeb6 < 00c9c9628b49e368d140cfa61d7df9b8922ec2a8 | 00c9c9628b49e368d140cfa61d7df9b8922ec2a8 |
| linux | linux_kernel | >= 0 < 5.10.244-1 | 5.10.244-1 |
| linux | linux_kernel | >= 0 < 6.1.153-1 | 6.1.153-1 |
| linux | linux_kernel | >= 0 < 6.12.43-1 | 6.12.43-1 |
| linux | linux_kernel | >= 0 < 6.16.3-1 | 6.16.3-1 |
| linux | linux_kernel | >= 0 < 5.15.0-163.173 | 5.15.0-163.173 |
| linux | linux_kernel | >= 0 < 6.8.0-100.100 | 6.8.0-100.100 |
| linux | linux_kernel | >= 4.5 < 5.4.297 | 5.4.297 |
| linux | linux_kernel | >= 5.11 < 5.15.190 | 5.15.190 |
| linux | linux_kernel | >= 5.16 < 6.1.149 | 6.1.149 |
| linux | linux_kernel | >= 5.5 < 5.10.241 | 5.10.241 |
| linux | linux_kernel | >= 6.13 < 6.15.11 | 6.15.11 |
| linux | linux_kernel | >= 6.16 < 6.16.2 | 6.16.2 |
CVSS provenance
nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
osv7.8HIGH