Wind River Support Network

Acknowledged

LIN1024-11071 : Security Advisory - linux - CVE-2025-38709

Created: Sep 4, 2025    Updated: Sep 8, 2025
Found In Version: 10.24.33.1
Severity: Standard
Applicable for: Wind River Linux LTS 24
Component/s: Kernel

Description

In the Linux kernel, the following vulnerability has been resolved:

loop: Avoid updating block size under exclusive owner

Syzbot came up with a reproducer where a loop device block size is changed underneath a mounted filesystem. This causes a mismatch between the block device block size and the block size stored in the superblock causing confusion in various places such as fs/buffer.c. The particular issue triggered by syzbot was a warning in __getblk_slow() due to requested buffer size not matching block device block size.

Fix the problem by getting exclusive hold of the loop device to change its block size. This fails if somebody (such as filesystem) has already an exclusive ownership of the block device and thus prevents modifying the loop device under some exclusive owner which doesn't expect it.

CREATE(Triage):(User=admin) CVE-2025-38709 (https://nvd.nist.gov/vuln/detail/CVE-2025-38709)