Acknowledged
Created: Sep 4, 2025
Updated: Sep 8, 2025
Found In Version: 10.24.33.1
Severity: Standard
Applicable for: Wind River Linux LTS 24
Component/s: Kernel
In the Linux kernel, the following vulnerability has been resolved:EOL][EOL]drbd: add missing kref_get in handle_write_conflicts[EOL][EOL]With `two-primaries` enabled, DRBD tries to detect "concurrent" writes[EOL]and handle write conflicts, so that even if you write to the same sector[EOL]simultaneously on both nodes, they end up with the identical data once[EOL]the writes are completed.[EOL][EOL]In handling "superseeded" writes, we forgot a kref_get,[EOL]resulting in a premature drbd_destroy_device and use after free,[EOL]and further to kernel crashes with symptoms.[EOL][EOL]Relevance: No one should use DRBD as a random data generator, and apparently[EOL]all users of "two-primaries" handle concurrent writes correctly on layer up.[EOL]That is cluster file systems use some distributed lock manager,[EOL]and live migration in virtualization environments stops writes on one node[EOL]before starting writes on the other node.[EOL][EOL]Which means that other than for "test cases",[EOL]this code path is never taken in real life.[EOL][EOL]FYI, in DRBD 9, things are handled differently nowadays. We still detect[EOL]"write conflicts", but no longer try to be smart about them.[EOL]We decided to disconnect hard instead: upper layers must not submit concurrent[EOL]writes. If they do, that's their fault.
CREATE(Triage):(User=admin) [CVE-2025-38708 (https://nvd.nist.gov/vuln/detail/CVE-2025-38708)
