CVE-2025-38182

Published: July 7, 2025Last modified: July 7, 2025

Description

In the Linux kernel, the following vulnerability has been resolved: ublk: santizize the arguments from userspace when adding a device Sanity check the values for queue depth and number of queues we get from userspace when adding a device.

Severity score breakdown

Parameter	Value
Base score	7.8
Attack Vector	LOCAL
Attack complexity	LOW
Privileges required	LOW
User interaction	NONE
Scope	UNCHANGED
Confidentiality	HIGH
Integrity impact	HIGH
Availability impact	HIGH
Vector	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Status

Product	Release	Package	Status
Alpaquita Linux	23 LTS	linux-lts	Vulnerable (6.1.141-r0)
	25 LTS	linux-lts	Fixed (6.12.41-r0)
	Stream	linux-lts	Fixed (6.12.41-r0)

References

https://git.kernel.org/stable/c/0f8df5d6f25ac17c52a8bc6418e60a3e63130550
https://git.kernel.org/stable/c/3162d8235c8c4d585525cee8a59d1c180940a968
https://git.kernel.org/stable/c/8c8472855884355caf3d8e0c50adf825f83454b2
https://git.kernel.org/stable/c/e2b2b7cf6368580114851cb3932f2ad9fbf23386