CVE-2025-38326
BaseFortify
Publication date: 2025-07-10
Last updated on: 2025-11-03
Assigner: kernel.org
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | kernel | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability occurs in the Linux kernel's aoe device handling. The aoe device's rq_list, which holds accepted block requests waiting to be sent to the aoe target, was not properly cleared when the device was taken down. Because of this, the blk_mq_freeze_queue() function would wait indefinitely for these requests to complete, causing the system to hang. The fix involves cleaning out the rq_list before calling blk_mq_freeze_queue(), preventing the indefinite wait and system hang.
How can this vulnerability impact me?
This vulnerability can cause the system to hang indefinitely when an aoe device is taken down, due to the blk_mq_freeze_queue() function waiting forever for block requests to complete. This can lead to system instability or downtime, impacting availability and potentially disrupting operations that rely on the affected device.