Unrated severityNVD Advisory· Published Jul 3, 2025· Updated Jul 28, 2025

erofs: avoid using multiple devices with different type

CVE-2025-38172

Description

In the Linux kernel, the following vulnerability has been resolved:

For multiple devices, both primary and extra devices should be the same type. erofs_init_device has already guaranteed that if the primary is a file-backed device, extra devices should also be regular files.

However, if the primary is a block device while the extra device is a file-backed device, erofs_init_device will get an ENOTBLK, which is not treated as an error in erofs_fc_get_tree, and that leads to an UAF:

erofs_fc_get_tree get_tree_bdev_flags(erofs_fc_fill_super) erofs_read_superblock erofs_init_device // sbi->dif0 is not inited yet, // return -ENOTBLK deactivate_locked_super free(sbi) if (err is -ENOTBLK) sbi->dif0.file = filp_open() // sbi UAF

So if -ENOTBLK is hitted in erofs_init_device, it means the primary device must be a block device, and the extra device is not a block device. The error can be converted to -EINVAL.

Affected products

113

Linux/erofsllm-fuzzy
osv-coords111 versions
pkg:rpm/almalinux/kernel pkg:rpm/almalinux/kernel-64k pkg:rpm/almalinux/kernel-64k-core pkg:rpm/almalinux/kernel-64k-debug pkg:rpm/almalinux/kernel-64k-debug-core pkg:rpm/almalinux/kernel-64k-debug-devel pkg:rpm/almalinux/kernel-64k-debug-devel-matched pkg:rpm/almalinux/kernel-64k-debug-modules pkg:rpm/almalinux/kernel-64k-debug-modules-core pkg:rpm/almalinux/kernel-64k-debug-modules-extra pkg:rpm/almalinux/kernel-64k-devel pkg:rpm/almalinux/kernel-64k-devel-matched pkg:rpm/almalinux/kernel-64k-modules pkg:rpm/almalinux/kernel-64k-modules-core pkg:rpm/almalinux/kernel-64k-modules-extra pkg:rpm/almalinux/kernel-abi-stablelists pkg:rpm/almalinux/kernel-core pkg:rpm/almalinux/kernel-cross-headers pkg:rpm/almalinux/kernel-debug pkg:rpm/almalinux/kernel-debug-core pkg:rpm/almalinux/kernel-debug-devel pkg:rpm/almalinux/kernel-debug-devel-matched pkg:rpm/almalinux/kernel-debug-modules pkg:rpm/almalinux/kernel-debug-modules-core pkg:rpm/almalinux/kernel-debug-modules-extra pkg:rpm/almalinux/kernel-debug-uki-virt pkg:rpm/almalinux/kernel-devel pkg:rpm/almalinux/kernel-devel-matched pkg:rpm/almalinux/kernel-doc pkg:rpm/almalinux/kernel-headers pkg:rpm/almalinux/kernel-modules pkg:rpm/almalinux/kernel-modules-core pkg:rpm/almalinux/kernel-modules-extra pkg:rpm/almalinux/kernel-modules-extra-matched pkg:rpm/almalinux/kernel-rt pkg:rpm/almalinux/kernel-rt-64k pkg:rpm/almalinux/kernel-rt-64k-core pkg:rpm/almalinux/kernel-rt-64k-debug pkg:rpm/almalinux/kernel-rt-64k-debug-core pkg:rpm/almalinux/kernel-rt-64k-debug-devel pkg:rpm/almalinux/kernel-rt-64k-debug-modules pkg:rpm/almalinux/kernel-rt-64k-debug-modules-core pkg:rpm/almalinux/kernel-rt-64k-debug-modules-extra pkg:rpm/almalinux/kernel-rt-64k-devel pkg:rpm/almalinux/kernel-rt-64k-modules pkg:rpm/almalinux/kernel-rt-64k-modules-core pkg:rpm/almalinux/kernel-rt-64k-modules-extra pkg:rpm/almalinux/kernel-rt-core pkg:rpm/almalinux/kernel-rt-debug pkg:rpm/almalinux/kernel-rt-debug-core pkg:rpm/almalinux/kernel-rt-debug-devel pkg:rpm/almalinux/kernel-rt-debug-modules pkg:rpm/almalinux/kernel-rt-debug-modules-core pkg:rpm/almalinux/kernel-rt-debug-modules-extra pkg:rpm/almalinux/kernel-rt-devel pkg:rpm/almalinux/kernel-rt-modules pkg:rpm/almalinux/kernel-rt-modules-core pkg:rpm/almalinux/kernel-rt-modules-extra pkg:rpm/almalinux/kernel-tools pkg:rpm/almalinux/kernel-tools-libs pkg:rpm/almalinux/kernel-tools-libs-devel pkg:rpm/almalinux/kernel-uki-virt pkg:rpm/almalinux/kernel-uki-virt-addons pkg:rpm/almalinux/kernel-zfcpdump pkg:rpm/almalinux/kernel-zfcpdump-core pkg:rpm/almalinux/kernel-zfcpdump-devel pkg:rpm/almalinux/kernel-zfcpdump-devel-matched pkg:rpm/almalinux/kernel-zfcpdump-modules pkg:rpm/almalinux/kernel-zfcpdump-modules-core pkg:rpm/almalinux/kernel-zfcpdump-modules-extra pkg:rpm/almalinux/libperf pkg:rpm/almalinux/perf pkg:rpm/almalinux/python3-perf pkg:rpm/almalinux/rtla pkg:rpm/almalinux/rv pkg:rpm/opensuse/dtb-aarch64&distro=openSUSE%20Leap%2016.0 pkg:rpm/opensuse/kernel-64kb&distro=openSUSE%20Leap%2016.0 pkg:rpm/opensuse/kernel-default-base&distro=openSUSE%20Leap%2016.0 pkg:rpm/opensuse/kernel-default&distro=openSUSE%20Leap%2016.0 pkg:rpm/opensuse/kernel-docs&distro=openSUSE%20Leap%2016.0 pkg:rpm/opensuse/kernel-kvmsmall&distro=openSUSE%20Leap%2016.0 pkg:rpm/opensuse/kernel-obs-build&distro=openSUSE%20Leap%2016.0 pkg:rpm/opensuse/kernel-obs-qa&distro=openSUSE%20Leap%2016.0 pkg:rpm/opensuse/kernel-rt&distro=openSUSE%20Leap%2016.0 pkg:rpm/opensuse/kernel-source&distro=openSUSE%20Leap%2016.0 pkg:rpm/opensuse/kernel-syms&distro=openSUSE%20Leap%2016.0 pkg:rpm/opensuse/kernel-zfcpdump&distro=openSUSE%20Leap%2016.0 pkg:rpm/suse/kernel-64kb&distro=SUSE%20Linux%20Enterprise%20Server%2016.0 pkg:rpm/suse/kernel-64kb&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0 pkg:rpm/suse/kernel-64kb&distro=SUSE%20Linux%20Micro%206.2 pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Enterprise%20Server%2016.0 pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0 pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Micro%206.2 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2016.0 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%2016.0 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Micro%206.2 pkg:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20Server%2016.0 pkg:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0 pkg:rpm/suse/kernel-kvmsmall&distro=SUSE%20Linux%20Enterprise%20Server%2016.0 pkg:rpm/suse/kernel-kvmsmall&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0 pkg:rpm/suse/kernel-obs-qa&distro=SUSE%20Linux%20Enterprise%20Server%2016.0 pkg:rpm/suse/kernel-obs-qa&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0 pkg:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Micro%206.2 pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%2016.0 pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0 pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Micro%206.2 pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%2016.0 pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0 pkg:rpm/suse/kernel-zfcpdump&distro=SUSE%20Linux%20Enterprise%20Server%2016.0 pkg:rpm/suse/kernel-zfcpdump&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0
< 6.12.0-124.38.1.el10_1+ 110 more
- (no CPE)range: < 6.12.0-124.38.1.el10_1
- (no CPE)range: < 6.12.0-124.38.1.el10_1
- (no CPE)range: < 6.12.0-124.38.1.el10_1
- (no CPE)range: < 6.12.0-124.38.1.el10_1
- (no CPE)range: < 6.12.0-124.38.1.el10_1
- (no CPE)range: < 6.12.0-124.38.1.el10_1
- (no CPE)range: < 6.12.0-124.38.1.el10_1
- (no CPE)range: < 6.12.0-124.38.1.el10_1
- (no CPE)range: < 6.12.0-124.38.1.el10_1
- (no CPE)range: < 6.12.0-124.38.1.el10_1
- (no CPE)range: < 6.12.0-124.38.1.el10_1
- (no CPE)range: < 6.12.0-124.38.1.el10_1
- (no CPE)range: < 6.12.0-124.38.1.el10_1
- (no CPE)range: < 6.12.0-124.38.1.el10_1
- (no CPE)range: < 6.12.0-124.38.1.el10_1
- (no CPE)range: < 6.12.0-124.38.1.el10_1
- (no CPE)range: < 6.12.0-124.38.1.el10_1
- (no CPE)range: < 6.12.0-124.38.1.el10_1
- (no CPE)range: < 6.12.0-124.38.1.el10_1
- (no CPE)range: < 6.12.0-124.38.1.el10_1
- (no CPE)range: < 6.12.0-124.38.1.el10_1
- (no CPE)range: < 6.12.0-124.38.1.el10_1
- (no CPE)range: < 6.12.0-124.38.1.el10_1
- (no CPE)range: < 6.12.0-124.38.1.el10_1
- (no CPE)range: < 6.12.0-124.38.1.el10_1
- (no CPE)range: < 6.12.0-124.38.1.el10_1
- (no CPE)range: < 6.12.0-124.38.1.el10_1
- (no CPE)range: < 6.12.0-124.38.1.el10_1
- (no CPE)range: < 6.12.0-124.38.1.el10_1
- (no CPE)range: < 6.12.0-124.38.1.el10_1
- (no CPE)range: < 6.12.0-124.38.1.el10_1
- (no CPE)range: < 6.12.0-124.38.1.el10_1
- (no CPE)range: < 6.12.0-124.38.1.el10_1
- (no CPE)range: < 6.12.0-124.38.1.el10_1
- (no CPE)range: < 6.12.0-124.38.1.el10_1
- (no CPE)range: < 6.12.0-124.38.1.el10_1
- (no CPE)range: < 6.12.0-124.38.1.el10_1
- (no CPE)range: < 6.12.0-124.38.1.el10_1
- (no CPE)range: < 6.12.0-124.38.1.el10_1
- (no CPE)range: < 6.12.0-124.38.1.el10_1
- (no CPE)range: < 6.12.0-124.38.1.el10_1
- (no CPE)range: < 6.12.0-124.38.1.el10_1
- (no CPE)range: < 6.12.0-124.38.1.el10_1
- (no CPE)range: < 6.12.0-124.38.1.el10_1
- (no CPE)range: < 6.12.0-124.38.1.el10_1
- (no CPE)range: < 6.12.0-124.38.1.el10_1
- (no CPE)range: < 6.12.0-124.38.1.el10_1
- (no CPE)range: < 6.12.0-124.38.1.el10_1
- (no CPE)range: < 6.12.0-124.38.1.el10_1
- (no CPE)range: < 6.12.0-124.38.1.el10_1
- (no CPE)range: < 6.12.0-124.38.1.el10_1
- (no CPE)range: < 6.12.0-124.38.1.el10_1
- (no CPE)range: < 6.12.0-124.38.1.el10_1
- (no CPE)range: < 6.12.0-124.38.1.el10_1
- (no CPE)range: < 6.12.0-124.38.1.el10_1
- (no CPE)range: < 6.12.0-124.38.1.el10_1
- (no CPE)range: < 6.12.0-124.38.1.el10_1
- (no CPE)range: < 6.12.0-124.38.1.el10_1
- (no CPE)range: < 6.12.0-124.38.1.el10_1
- (no CPE)range: < 6.12.0-124.38.1.el10_1
- (no CPE)range: < 6.12.0-124.38.1.el10_1
- (no CPE)range: < 6.12.0-124.38.1.el10_1
- (no CPE)range: < 6.12.0-124.38.1.el10_1
- (no CPE)range: < 6.12.0-124.38.1.el10_1
- (no CPE)range: < 6.12.0-124.38.1.el10_1
- (no CPE)range: < 6.12.0-124.38.1.el10_1
- (no CPE)range: < 6.12.0-124.38.1.el10_1
- (no CPE)range: < 6.12.0-124.38.1.el10_1
- (no CPE)range: < 6.12.0-124.38.1.el10_1
- (no CPE)range: < 6.12.0-124.38.1.el10_1
- (no CPE)range: < 6.12.0-124.38.1.el10_1
- (no CPE)range: < 6.12.0-124.38.1.el10_1
- (no CPE)range: < 6.12.0-124.38.1.el10_1
- (no CPE)range: < 6.12.0-124.38.1.el10_1
- (no CPE)range: < 6.12.0-124.38.1.el10_1
- (no CPE)range: < 6.12.0-160000.6.1
- (no CPE)range: < 6.12.0-160000.6.1
- (no CPE)range: < 6.12.0-160000.6.1.160000.2.4
- (no CPE)range: < 6.12.0-160000.6.1
- (no CPE)range: < 6.12.0-160000.6.1
- (no CPE)range: < 6.12.0-160000.6.1
- (no CPE)range: < 6.12.0-160000.6.1
- (no CPE)range: < 6.12.0-160000.6.1
- (no CPE)range: < 6.12.0-160000.6.1
- (no CPE)range: < 6.12.0-160000.6.1
- (no CPE)range: < 6.12.0-160000.6.1
- (no CPE)range: < 6.12.0-160000.6.1
- (no CPE)range: < 6.12.0-160000.6.1
- (no CPE)range: < 6.12.0-160000.6.1
- (no CPE)range: < 6.12.0-160000.6.1
- (no CPE)range: < 6.12.0-160000.6.1.160000.2.4
- (no CPE)range: < 6.12.0-160000.6.1.160000.2.4
- (no CPE)range: < 6.12.0-160000.6.1.160000.2.4
- (no CPE)range: < 6.12.0-160000.6.1
- (no CPE)range: < 6.12.0-160000.6.1
- (no CPE)range: < 6.12.0-160000.6.1
- (no CPE)range: < 6.12.0-160000.6.1
- (no CPE)range: < 6.12.0-160000.6.1
- (no CPE)range: < 6.12.0-160000.6.1
- (no CPE)range: < 6.12.0-160000.6.1
- (no CPE)range: < 6.12.0-160000.6.1
- (no CPE)range: < 6.12.0-160000.6.1
- (no CPE)range: < 6.12.0-160000.6.1
- (no CPE)range: < 6.12.0-160000.6.1
- (no CPE)range: < 6.12.0-160000.6.1
- (no CPE)range: < 6.12.0-160000.6.1
- (no CPE)range: < 6.12.0-160000.6.1
- (no CPE)range: < 6.12.0-160000.6.1
- (no CPE)range: < 6.12.0-160000.6.1
- (no CPE)range: < 6.12.0-160000.6.1
- (no CPE)range: < 6.12.0-160000.6.1
Linux/Linuxcpe-rescue
Range: 6.12

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000