Security tracker / CVE-2025-38182

CVE-2025-38182

ublk: santizize the arguments from userspace when adding a device

References

• Debian security tracker
• cve.org

Notes

 carnil> Introduced in 71f28f3136af ("ublk_drv: add io_uring based userspace block
 carnil> driver")
 carnil> 62fe99cef94a ("ublk: add read()/write() support for ublk char device").
 carnil> Vulnerable versions: 6.0.

Bugs

Status

Branch	Status
upstream	released (6.16-rc3) [8c8472855884355caf3d8e0c50adf825f83454b2]
6.18-upstream-stable	N/A "Fixed before branching point"
6.17-upstream-stable	N/A "Fixed before branching point"
6.15-upstream-stable	released (6.15.4) [e2b2b7cf6368580114851cb3932f2ad9fbf23386]
6.12-upstream-stable	released (6.12.35) [0f8df5d6f25ac17c52a8bc6418e60a3e63130550]
6.6-upstream-stable	released (6.6.95) [3162d8235c8c4d585525cee8a59d1c180940a968]
6.1-upstream-stable	needed
5.10-upstream-stable	N/A "Vulnerable code not present"
sid	released (6.12.35-1)
6.12-trixie-security	N/A "Fixed before branching point"
6.1-bookworm-security	needed
5.10-bullseye-security	N/A "Vulnerable code not present"