CVE-2025-38445

Updated: 2026-02-08 03:26:51.919232

Description:

In the Linux kernel, the following vulnerability has been resolved:

md/raid1: Fix stack memory use after return in raid1_reshape

In the raid1_reshape function, newpool is allocated on the stack and assigned to conf->r1bio_pool. This results in conf->r1bio_pool.wait.head pointing to a stack address. Accessing this address later can lead to a kernel panic.

Example access path:

    raid1_reshape()
    {
        // newpool is on the stack
        mempool_t newpool, oldpool;
        // initialize newpool.wait.head to stack address
        mempool_init(&newpool, ...);
        conf->r1bio_pool = newpool;
    }

    raid1_read_request() or raid1_write_request()
    {
        alloc_r1bio()
        {
            mempool_alloc()
            {
                // if pool->alloc fails
                remove_element()
                {
                    --pool->curr_nr;
                }
            }
        }
    }

    mempool_free()
    {
        if (pool->curr_nr < pool->min_nr) {
            // pool->wait.head is a stack address
            // wake_up() will try to access this invalid address
            // which leads to a kernel panic
            return;
            wake_up(&pool->wait);
        }
    }

Fix: reinit conf->r1bio_pool.wait after assigning newpool.
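The struct-copy problem described above can be reproduced in user space. The following is an added example, not kernel code or code from the fix: the types and the helpers init_wait_head, pool_init, head_points_at and reshape_demo are simplified, hypothetical stand-ins for the kernel's list head, wait queue head and mempool_t.

```c
#include <stdbool.h>

/* Simplified stand-ins for the kernel's list_head, wait queue head and mempool_t. */
struct list_head { struct list_head *next, *prev; };
struct wait_head { struct list_head head; };
struct pool      { int min_nr, curr_nr; struct wait_head wait; };
struct conf      { struct pool r1bio_pool; };

/* An empty list points at itself, so the head stores its own address. */
static void init_wait_head(struct wait_head *wq)
{
    wq->head.next = &wq->head;
    wq->head.prev = &wq->head;
}

static void pool_init(struct pool *p, int min_nr)
{
    p->min_nr = min_nr;
    p->curr_nr = min_nr;
    init_wait_head(&p->wait);
}

/* Does the list head refer to the given storage? Compares only, never dereferences. */
static bool head_points_at(const struct wait_head *wq, const struct wait_head *where)
{
    return wq->head.next == &where->head && wq->head.prev == &where->head;
}

/*
 * Returns 0 if conf's wait head refers to its own storage (safe),
 * 1 if it still refers to the temporary pool it was copied from,
 * 2 otherwise. In the kernel, conf outlives the function and newpool
 * does not; both are locals here so the check runs while newpool is alive.
 */
static int reshape_demo(bool apply_fix)
{
    struct conf c;
    struct pool newpool;                      /* temporary, as in raid1_reshape() */

    pool_init(&newpool, 4);
    c.r1bio_pool = newpool;                   /* struct copy keeps newpool's address */
    if (apply_fix)
        init_wait_head(&c.r1bio_pool.wait);   /* re-init in the final location */

    if (head_points_at(&c.r1bio_pool.wait, &c.r1bio_pool.wait))
        return 0;
    return head_points_at(&c.r1bio_pool.wait, &newpool.wait) ? 1 : 2;
}
```

Any structure that embeds a self-referential list head has the same property: a by-value copy must be followed by re-initialising the head at the destination.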


Links NIST CIRCL RHEL Ubuntu

Severity

                  Severity  Score
CVSS Version 2.x            0.0
CVSS Version 3.x  HIGH      7.1

Status

OS name              Project name  Version  Score  Severity  Status        Errata                Last updated         Statement
AlmaLinux 9.2 ESU    kernel        5.14.0   7.1    HIGH      Released      CLSA-2026:1768663754  2026-01-17 19:46:54
CentOS 8.4 ELS       kernel        4.18.0   7.1    HIGH      Released      CLSA-2026:1768774361  2026-01-19 09:44:54
CentOS 8.5 ELS       kernel        4.18.0   7.1    HIGH      Released      CLSA-2026:1768775579  2026-01-19 09:44:55
CentOS Stream 8 ELS  kernel        4.18.0   7.1    HIGH      Released      CLSA-2026:1770032032  2026-02-02 15:17:01
Oracle Linux 7 ELS   kernel        3.10.0   7.1    HIGH      Needs Triage                        2025-12-16 16:55:33
Oracle Linux 7 ELS   kernel-uek    5.4.17   7.1    HIGH      Released      CLSA-2025:1764085382  2025-11-25 20:35:35
TuxCare 9.6 ESU      kernel        5.14.0   7.1    HIGH      In Testing                          2026-02-05 12:52:46
Ubuntu 20.04 ELS     linux         5.4.0    7.1    HIGH      In Testing                          2026-02-03 16:03:04