CVE-2025-38445

In the Linux kernel, the following vulnerability has been resolved:

md/raid1: Fix stack memory use after return in raid1_reshape

In the raid1_reshape function, newpool is
allocated on the stack and assigned to conf->r1bio_pool.
This results in conf->r1bio_pool.wait.head pointing
to a stack address.
Accessing this address later can lead to a kernel panic.

Example access path:

raid1_reshape()
{
	// newpool is on the stack
	mempool_t newpool, oldpool;
	// initialize newpool.wait.head to stack address
	mempool_init(&newpool, ...);
	conf->r1bio_pool = newpool;
}

raid1_read_request() or raid1_write_request()
{
	alloc_r1bio()
	{
		mempool_alloc()
		{
			// if pool->alloc fails
			remove_element()
			{
				--pool->curr_nr;
			}
		}
	}
}

mempool_free()
{
	if (pool->curr_nr < pool->min_nr) {
		// pool->wait.head is a stack address
		// wake_up() will try to access this invalid address
		// which leads to a kernel panic
		return;
		wake_up(&pool->wait);
	}
}

Fix:
reinit conf->r1bio_pool.wait after assigning newpool.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
UNKNOWN
---
LinuxCNA
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 8%
Debian logo
Debian Releases
Debian Product
Codename
linux
bullseye
vulnerable
bullseye (security)
vulnerable
bookworm
6.1.148-1
fixed
bookworm (security)
6.1.147-1
fixed
trixie
6.12.43-1
fixed
trixie (security)
6.12.41-1
fixed
forky
6.16.3-1
fixed
sid
6.16.5-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
linux-hwe
plucky
dne
noble
dne
jammy
dne
focal
dne
bionic
ignored
xenial
not-affected
trusty
dne
linux-hwe-5.4
plucky
dne
noble
dne
jammy
dne
focal
dne
bionic
ignored
xenial
dne
trusty
dne
linux-hwe-5.8
plucky
dne
noble
dne
jammy
dne
focal
ignored
bionic
dne
xenial
dne
trusty
dne
linux-hwe-5.11
plucky
dne
noble
dne
jammy
dne
focal
ignored
bionic
dne
xenial
dne
trusty
dne
linux-hwe-5.13
plucky
dne
noble
dne
jammy
dne
focal
ignored
bionic
dne
xenial
dne
trusty
dne
linux-hwe-5.15
plucky
dne
noble
dne
jammy
dne
focal
pending
bionic
dne
xenial
dne
trusty
dne
linux-hwe-5.19
plucky
dne
noble
dne
jammy
ignored
focal
dne
bionic
dne
xenial
dne
trusty
dne
linux-hwe-6.2
plucky
dne
noble
dne
jammy
ignored
focal
dne
bionic
dne
xenial
dne
trusty
dne
linux-hwe-6.5
plucky
dne
noble
dne
jammy
ignored
focal
dne
bionic
dne
xenial
dne
trusty
dne
linux-hwe-6.8
plucky
dne
noble
dne
jammy
needed
focal
dne
bionic
dne
xenial
dne
trusty
dne
linux-hwe-6.11
plucky
dne
noble
ignored
jammy
dne
focal
dne
bionic
dne
xenial
dne
trusty
dne
linux-hwe-6.14
plucky
dne
noble
needed
jammy
dne
focal
dne
bionic
dne
xenial
dne
trusty
dne
linux-hwe-edge
plucky
dne
noble
dne
jammy
dne
focal
dne
bionic
ignored
xenial
ignored
trusty
dne
linux-lts-xenial
plucky
dne
noble
dne
jammy
dne
focal
dne
bionic
dne
xenial
dne
trusty
not-affected
linux-kvm
plucky
dne
noble
dne
jammy
pending
focal
ignored
bionic
not-affected
xenial
not-affected
trusty
dne
linux-allwinner-5.19
plucky
dne
noble
dne
jammy
ignored
focal
dne
bionic
dne
xenial
dne
trusty
dne
linux-aws-5.0
plucky
dne
noble
dne
jammy
dne
focal
dne
bionic
ignored
xenial
dne
trusty
dne
linux-aws-5.3
plucky
dne
noble
dne
jammy
dne
focal
dne
bionic
ignored
xenial
dne
trusty
dne
linux-aws-5.4
plucky
dne
noble
dne
jammy
dne
focal
dne
bionic
ignored
xenial
dne
trusty
dne
linux-aws-5.8
plucky
dne
noble
dne
jammy
dne
focal
ignored
bionic
dne
xenial
dne
trusty
dne
linux-aws-5.11
plucky
dne
noble
dne
jammy
dne
focal
ignored
bionic
dne
xenial
dne
trusty
dne
linux-aws-5.13
plucky
dne
noble
dne
jammy
dne
focal
ignored
bionic
dne
xenial
dne
trusty
dne
linux-aws-5.15
plucky
dne
noble
dne
jammy
dne
focal
ignored
bionic
dne
xenial
dne
trusty
dne
linux-aws-5.19
plucky
dne
noble
dne
jammy
ignored
focal
dne
bionic
dne
xenial
dne
trusty
dne
linux-aws-6.2
plucky
dne
noble
dne
jammy
ignored
focal
dne
bionic
dne
xenial
dne
trusty
dne
linux-aws-6.5
plucky
dne
noble
dne
jammy
ignored
focal
dne
bionic
dne
xenial
dne
trusty
dne
linux-aws-6.8
plucky
dne
noble
dne
jammy
needed
focal
dne
bionic
dne
xenial
dne
trusty
dne
linux-aws-6.14
plucky
dne
noble
needed
jammy
dne
focal
dne
bionic
dne
xenial
dne
trusty
dne
linux-aws-hwe
plucky
dne
noble
dne
jammy
dne
focal
dne
bionic
dne
xenial
not-affected
trusty
dne
linux-azure
plucky
needed
noble
needed
jammy
pending
focal
ignored
bionic
ignored
xenial
not-affected
trusty
not-affected
linux-azure-4.15
plucky
dne
noble
dne
jammy
dne
focal
dne
bionic
not-affected
xenial
dne
trusty
dne
linux-azure-5.3
plucky
dne
noble
dne
jammy
dne
focal
dne
bionic
ignored
xenial
dne
trusty
dne
linux-azure-5.4
plucky
dne
noble
dne
jammy
dne
focal
dne
bionic
ignored
xenial
dne
trusty
dne
linux-azure-5.8
plucky
dne
noble
dne
jammy
dne
focal
ignored
bionic
dne
xenial
dne
trusty
dne
linux-azure-5.11
plucky
dne
noble
dne
jammy
dne
focal
ignored
bionic
dne
xenial
dne
trusty
dne
linux-azure-5.13
plucky
dne
noble
dne
jammy
dne
focal
ignored
bionic
dne
xenial
dne
trusty
dne
linux-azure-5.15
plucky
dne
noble
dne
jammy
dne
focal
ignored
bionic
dne
xenial
dne
trusty
dne
linux-azure-5.19
plucky
dne
noble
dne
jammy
ignored
focal
dne
bionic
dne
xenial
dne
trusty
dne
linux-azure-6.2
plucky
dne
noble
dne
jammy
ignored
focal
dne
bionic
dne
xenial
dne
trusty
dne
linux-azure-6.5
plucky
dne
noble
dne
jammy
ignored
focal
dne
bionic
dne
xenial
dne
trusty
dne
linux-azure-6.8
plucky
dne
noble
dne
jammy
needed
focal
dne
bionic
dne
xenial
dne
trusty
dne
linux-azure-6.11
plucky
dne
noble
ignored
jammy
dne
focal
dne
bionic
dne
xenial
dne
trusty
dne
linux-azure-fde
plucky
dne
noble
dne
jammy
needed
focal
ignored
bionic
dne
xenial
dne
trusty
dne
linux-azure-fde-5.15
plucky
dne
noble
dne
jammy
dne
focal
not-affected
bionic
dne
xenial
dne
trusty
dne
linux-azure-fde-5.19
plucky
dne
noble
dne
jammy
ignored
focal
dne
bionic
dne
xenial
dne
trusty
dne
linux-azure-fde-6.2
plucky
dne
noble
dne
jammy
ignored
focal
dne
bionic
dne
xenial
dne
trusty
dne
linux-azure-nvidia
plucky
dne
noble
needed
jammy
dne
focal
dne
bionic
dne
xenial
dne
trusty
dne
linux-bluefield
plucky
dne
noble
dne
jammy
dne
focal
ignored
bionic
dne
xenial
dne
trusty
dne
linux-azure-edge
plucky
dne
noble
dne
jammy
dne
focal
dne
bionic
ignored
xenial
dne
trusty
dne
linux-fips
plucky
dne
noble
dne
jammy
pending
focal
needed
bionic
not-affected
xenial
not-affected
trusty
dne
linux-aws-fips
plucky
dne
noble
dne
jammy
pending
focal
needed
bionic
not-affected
xenial
dne
trusty
dne
linux-azure-fips
plucky
dne
noble
dne
jammy
pending
focal
needed
bionic
not-affected
xenial
dne
trusty
dne
linux-gcp-fips
plucky
dne
noble
dne
jammy
pending
focal
needed
bionic
not-affected
xenial
dne
trusty
dne
linux-gcp
plucky
needed
noble
needed
jammy
pending
focal
ignored
bionic
ignored
xenial
not-affected
trusty
dne
linux-gcp-4.15
plucky
dne
noble
dne
jammy
dne
focal
dne
bionic
not-affected
xenial
dne
trusty
dne
linux-gcp-5.3
plucky
dne
noble
dne
jammy
dne
focal
dne
bionic
ignored
xenial
dne
trusty
dne
linux-gcp-5.4
plucky
dne
noble
dne
jammy
dne
focal
dne
bionic
ignored
xenial
dne
trusty
dne
linux-gcp-5.8
plucky
dne
noble
dne
jammy
dne
focal
ignored
bionic
dne
xenial
dne
trusty
dne
linux-gcp-5.11
plucky
dne
noble
dne
jammy
dne
focal
ignored
bionic
dne
xenial
dne
trusty
dne
linux-gcp-5.13
plucky
dne
noble
dne
jammy
dne
focal
ignored
bionic
dne
xenial
dne
trusty
dne
linux-gcp-5.15
plucky
dne
noble
dne
jammy
dne
focal
ignored
bionic
dne
xenial
dne
trusty
dne
linux-gcp-5.19
plucky
dne
noble
dne
jammy
ignored
focal
dne
bionic
dne
xenial
dne
trusty
dne
linux-gcp-6.2
plucky
dne
noble
dne
jammy
ignored
focal
dne
bionic
dne
xenial
dne
trusty
dne
linux-gcp-6.5
plucky
dne
noble
dne
jammy
ignored
focal
dne
bionic
dne
xenial
dne
trusty
dne
linux-gcp-6.8
plucky
dne
noble
dne
jammy
needed
focal
dne
bionic
dne
xenial
dne
trusty
dne
linux-gcp-6.11
plucky
dne
noble
ignored
jammy
dne
focal
dne
bionic
dne
xenial
dne
trusty
dne
linux-gcp-6.14
plucky
dne
noble
needed
jammy
dne
focal
dne
bionic
dne
xenial
dne
trusty
dne
linux-gke
plucky
dne
noble
needed
jammy
needed
focal
ignored
bionic
dne
xenial
ignored
trusty
dne
linux-gke-4.15
plucky
dne
noble
dne
jammy
dne
focal
dne
bionic
ignored
xenial
dne
trusty
dne
linux-gke-5.4
plucky
dne
noble
dne
jammy
dne
focal
dne
bionic
ignored
xenial
dne
trusty
dne
linux-gke-5.15
plucky
dne
noble
dne
jammy
dne
focal
ignored
bionic
dne
xenial
dne
trusty
dne
linux-gkeop
plucky
dne
noble
needed
jammy
pending
focal
ignored
bionic
dne
xenial
dne
trusty
dne
linux-gkeop-5.4
plucky
dne
noble
dne
jammy
dne
focal
dne
bionic
ignored
xenial
dne
trusty
dne
linux-gkeop-5.15
plucky
dne
noble
dne
jammy
dne
focal
ignored
bionic
dne
xenial
dne
trusty
dne
linux-ibm
plucky
dne
noble
needed
jammy
pending
focal
ignored
bionic
dne
xenial
dne
trusty
dne
linux-ibm-5.4
plucky
dne
noble
dne
jammy
dne
focal
dne
bionic
ignored
xenial
dne
trusty
dne
linux-ibm-5.15
plucky
dne
noble
dne
jammy
dne
focal
ignored
bionic
dne
xenial
dne
trusty
dne
linux-ibm-6.8
plucky
dne
noble
dne
jammy
needed
focal
dne
bionic
dne
xenial
dne
trusty
dne
linux-intel-5.13
plucky
dne
noble
dne
jammy
dne
focal
ignored
bionic
dne
xenial
dne
trusty
dne
linux-intel-iotg
plucky
dne
noble
dne
jammy
pending
focal
dne
bionic
dne
xenial
dne
trusty
dne
linux-intel-iotg-5.15
plucky
dne
noble
dne
jammy
dne
focal
pending
bionic
dne
xenial
dne
trusty
dne
linux-iot
plucky
dne
noble
dne
jammy
dne
focal
ignored
bionic
dne
xenial
dne
trusty
dne
linux-intel-iot-realtime
plucky
dne
noble
dne
jammy
needed
focal
dne
bionic
dne
xenial
dne
trusty
dne
linux-lowlatency
plucky
dne
noble
needed
jammy
pending
focal
dne
bionic
dne
xenial
dne
trusty
dne
linux-lowlatency-hwe-5.15
plucky
dne
noble
dne
jammy
dne
focal
pending
bionic
dne
xenial
dne
trusty
dne
linux-lowlatency-hwe-5.19
plucky
dne
noble
dne
jammy
ignored
focal
dne
bionic
dne
xenial
dne
trusty
dne
linux-lowlatency-hwe-6.2
plucky
dne
noble
dne
jammy
ignored
focal
dne
bionic
dne
xenial
dne
trusty
dne
linux-lowlatency-hwe-6.5
plucky
dne
noble
dne
jammy
ignored
focal
dne
bionic
dne
xenial
dne
trusty
dne
linux-lowlatency-hwe-6.8
plucky
dne
noble
dne
jammy
needed
focal
dne
bionic
dne
xenial
dne
trusty
dne
linux-lowlatency-hwe-6.11
plucky
dne
noble
ignored
jammy
dne
focal
dne
bionic
dne
xenial
dne
trusty
dne
linux-nvidia
plucky
dne
noble
needed
jammy
pending
focal
dne
bionic
dne
xenial
dne
trusty
dne
linux-nvidia-6.2
plucky
dne
noble
dne
jammy
ignored
focal
dne
bionic
dne
xenial
dne
trusty
dne
linux-nvidia-6.5
plucky
dne
noble
dne
jammy
ignored
focal
dne
bionic
dne
xenial
dne
trusty
dne
linux-nvidia-6.8
plucky
dne
noble
dne
jammy
needed
focal
dne
bionic
dne
xenial
dne
trusty
dne
linux-nvidia-lowlatency
plucky
dne
noble
needed
jammy
dne
focal
dne
bionic
dne
xenial
dne
trusty
dne
linux-nvidia-tegra
plucky
dne
noble
needed
jammy
needed
focal
dne
bionic
dne
xenial
dne
trusty
dne
linux-nvidia-tegra-5.15
plucky
dne
noble
dne
jammy
dne
focal
ignored
bionic
dne
xenial
dne
trusty
dne
linux-nvidia-tegra-igx
plucky
dne
noble
dne
jammy
needed
focal
dne
bionic
dne
xenial
dne
trusty
dne
linux-oracle-5.0
plucky
dne
noble
dne
jammy
dne
focal
dne
bionic
ignored
xenial
dne
trusty
dne
linux-oracle-5.3
plucky
dne
noble
dne
jammy
dne
focal
dne
bionic
ignored
xenial
dne
trusty
dne
linux-oracle-5.4
plucky
dne
noble
dne
jammy
dne
focal
dne
bionic
ignored
xenial
dne
trusty
dne
linux-oracle-5.8
plucky
dne
noble
dne
jammy
dne
focal
ignored
bionic
dne
xenial
dne
trusty
dne
linux-oracle-5.11
plucky
dne
noble
dne
jammy
dne
focal
ignored
bionic
dne
xenial
dne
trusty
dne
linux-oracle-5.13
plucky
dne
noble
dne
jammy
dne
focal
ignored
bionic
dne
xenial
dne
trusty
dne
linux-oracle-5.15
plucky
dne
noble
dne
jammy
dne
focal
ignored
bionic
dne
xenial
dne
trusty
dne
linux-oracle-6.5
plucky
dne
noble
dne
jammy
ignored
focal
dne
bionic
dne
xenial
dne
trusty
dne
linux-oracle-6.8
plucky
dne
noble
dne
jammy
needed
focal
dne
bionic
dne
xenial
dne
trusty
dne
linux-oracle-6.14
plucky
dne
noble
needed
jammy
dne
focal
dne
bionic
dne
xenial
dne
trusty
dne
linux-oem
plucky
dne
noble
dne
jammy
dne
focal
dne
bionic
ignored
xenial
ignored
trusty
dne
linux-oem-5.6
plucky
dne
noble
dne
jammy
dne
focal
ignored
bionic
dne
xenial
dne
trusty
dne
linux-oem-5.10
plucky
dne
noble
dne
jammy
dne
focal
ignored
bionic
dne
xenial
dne
trusty
dne
linux-oem-5.13
plucky
dne
noble
dne
jammy
dne
focal
ignored
bionic
dne
xenial
dne
trusty
dne
linux-oem-5.14
plucky
dne
noble
dne
jammy
dne
focal
ignored
bionic
dne
xenial
dne
trusty
dne
linux-oem-5.17
plucky
dne
noble
dne
jammy
ignored
focal
dne
bionic
dne
xenial
dne
trusty
dne
linux-oem-6.0
plucky
dne
noble
dne
jammy
ignored
focal
dne
bionic
dne
xenial
dne
trusty
dne
linux-oem-6.1
plucky
dne
noble
dne
jammy
ignored
focal
dne
bionic
dne
xenial
dne
trusty
dne
linux-oem-6.5
plucky
dne
noble
dne
jammy
ignored
focal
dne
bionic
dne
xenial
dne
trusty
dne
linux-oem-6.8
plucky
dne
noble
ignored
jammy
dne
focal
dne
bionic
dne
xenial
dne
trusty
dne
linux-oem-6.11
plucky
dne
noble
needed
jammy
dne
focal
dne
bionic
dne
xenial
dne
trusty
dne
linux-oem-6.14
plucky
dne
noble
needed
jammy
dne
focal
dne
bionic
dne
xenial
dne
trusty
dne
linux-raspi2
plucky
dne
noble
dne
jammy
dne
focal
ignored
bionic
ignored
xenial
ignored
trusty
dne
linux-raspi-5.4
plucky
dne
noble
dne
jammy
dne
focal
dne
bionic
ignored
xenial
dne
trusty
dne
linux-raspi-realtime
plucky
dne
noble
needed
jammy
dne
focal
dne
bionic
dne
xenial
dne
trusty
dne
linux-riscv
plucky
needed
noble
ignored
jammy
ignored
focal
ignored
bionic
dne
xenial
dne
trusty
dne
linux-riscv-5.8
plucky
dne
noble
dne
jammy
dne
focal
ignored
bionic
dne
xenial
dne
trusty
dne
linux-riscv-5.11
plucky
dne
noble
dne
jammy
dne
focal
ignored
bionic
dne
xenial
dne
trusty
dne
linux-riscv-5.15
plucky
dne
noble
dne
jammy
dne
focal
pending
bionic
dne
xenial
dne
trusty
dne
linux-riscv-5.19
plucky
dne
noble
dne
jammy
ignored
focal
dne
bionic
dne
xenial
dne
trusty
dne
linux-riscv-6.5
plucky
dne
noble
dne
jammy
ignored
focal
dne
bionic
dne
xenial
dne
trusty
dne
linux-riscv-6.8
plucky
dne
noble
dne
jammy
needed
focal
dne
bionic
dne
xenial
dne
trusty
dne
linux-riscv-6.14
plucky
dne
noble
needed
jammy
dne
focal
dne
bionic
dne
xenial
dne
trusty
dne
linux-starfive-5.19
plucky
dne
noble
dne
jammy
ignored
focal
dne
bionic
dne
xenial
dne
trusty
dne
linux-starfive-6.2
plucky
dne
noble
dne
jammy
ignored
focal
dne
bionic
dne
xenial
dne
trusty
dne
linux-starfive-6.5
plucky
dne
noble
dne
jammy
ignored
focal
dne
bionic
dne
xenial
dne
trusty
dne
linux-xilinx-zynqmp
plucky
dne
noble
dne
jammy
pending
focal
ignored
bionic
dne
xenial
dne
trusty
dne
linux
plucky
needed
noble
needed
jammy
pending
focal
ignored
bionic
not-affected
xenial
not-affected
trusty
not-affected
linux-aws
plucky
needed
noble
needed
jammy
pending
focal
ignored
bionic
not-affected
xenial
not-affected
trusty
not-affected
linux-oracle
plucky
needed
noble
needed
jammy
pending
focal
ignored
bionic
not-affected
xenial
not-affected
trusty
dne
linux-raspi
plucky
needed
noble
needed
jammy
needed
focal
ignored
bionic
dne
xenial
dne
trusty
dne
linux-realtime
plucky
needed
noble
needed
jammy
needed
focal
dne
bionic
dne
xenial
dne
trusty
dne
linux-intel
plucky
dne
noble
ignored
jammy
dne
focal
dne
bionic
dne
xenial
dne
trusty
dne
linux-nvidia-6.11
plucky
dne
noble
needed
jammy
dne
focal
dne
bionic
dne
xenial
dne
trusty
dne
linux-realtime-6.14
plucky
dne
noble
needed
jammy
dne
focal
dne
bionic
dne
xenial
dne
trusty
dne
linux-realtime-6.8
plucky
dne
noble
dne
jammy
needed
focal
dne
bionic
dne
xenial
dne
trusty
dne
Vulnerability Media Exposure
References
https://git.kernel.org/stable/c/12b00ec99624f8da8c325f2dd6e807df26df0025
https://git.kernel.org/stable/c/48da050b4f54ed639b66278d0ae6f4107b2c4e2d
https://git.kernel.org/stable/c/5f35e48b76655e45522df338876dfef88dafcc71
https://git.kernel.org/stable/c/61fd5e93006cf82ec8ee5c115ab5cf4bbd104bdb
https://git.kernel.org/stable/c/776e6186dc9ecbdb8a1b706e989166c8a99bbf64
https://git.kernel.org/stable/c/d67ed2ccd2d1dcfda9292c0ea8697a9d0f2f0d98
https://git.kernel.org/stable/c/d8a6853d00fbaa810765c8ed2f452a5832273968
https://git.kernel.org/stable/c/df5894014a92ff0196dbc212a7764e97366fd2b7