[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2025-38172":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-04T14:53:31.930Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":20,"aliases":21,"duplicate_of":9,"upstream":22,"downstream":23,"duplicates":54,"related":55,"reserved_at":9,"published_at":60,"modified_at":61,"state":62,"summary":63,"references_raw":72,"kevs":87,"epss":88,"epss_history":91,"metrics":351,"affected":357},"CVE-2025-38172","In the Linux kernel, the following vulnerability has been resolved:\n\nerofs: avoid using multiple devices with different type\n\nFor multiple devices, both primary and extra devices should be the\nsame type. `erofs_init_device` has already guaranteed that if the\nprimary is a file-backed device, extra devices should also be\nregular files.\n\nHowever, if the primary is a block device while the extra device\nis a file-backed device, `erofs_init_device` will get an ENOTBLK,\nwhich is not treated as an error in `erofs_fc_get_tree`, and that\nleads to an UAF:\n\n  erofs_fc_get_tree\n    get_tree_bdev_flags(erofs_fc_fill_super)\n      erofs_read_superblock\n        erofs_init_device  // sbi->dif0 is not inited yet,\n                           // return -ENOTBLK\n      deactivate_locked_super\n        free(sbi)\n    if (err is -ENOTBLK)\n      sbi->dif0.file = filp_open()  // sbi UAF\n\nSo if -ENOTBLK is hitted in `erofs_init_device`, it means the\nprimary device must be a block device, and the extra device\nis not a block device. The error can be converted to -EINVAL.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-416","Use After Free","The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory \"belongs\" to the code that operates on the new pointer.","weakness","Stable","Variant","High",[],[],[],[],[24,26,28,30,32,34,36,38,40,42,44,46,48,50,52],{"_key":25},"USN-7770-1",{"_key":27},"USN-7789-2",{"_key":29},"SUSE-SU-2025:21074-1",{"_key":31},"SUSE-SU-2025:21139-1",{"_key":33},"SUSE-SU-2025:21179-1",{"_key":35},"OPENSUSE-SU-2025:20081-1",{"_key":37},"RHSA-2026:2721",{"_key":39},"DEBIAN-CVE-2025-38172",{"_key":41},"RHSA-2026:1727",{"_key":43},"UBUNTU-CVE-2025-38172",{"_key":45},"USN-7769-1",{"_key":47},"USN-7769-2",{"_key":49},"USN-7769-3",{"_key":51},"USN-7771-1",{"_key":53},"USN-7789-1",[],[56,57,58,59],{"_key":29},{"_key":31},{"_key":33},{"_key":35},"2025-07-03T08:36:10.334Z","2026-05-11T21:22:39.180Z","Analyzed",{"cisa_kev":64,"cisa_ransomware":64,"cisa_vendor":9,"epss_severity":65,"epss_score":66,"severity":67,"severity_score":68,"severity_version":69,"severity_source":70,"severity_vector":71,"severity_status":62},false,"low",0.00052,"high",7.8,"v3.1","nvd","CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",[73,79,83],{"url":74,"sources":75,"tags":77},"https://git.kernel.org/stable/c/65115472f741ca000d7ea4a5922214f93cd1516e",[76,70],"cve.org",[78],"Patch",{"url":80,"sources":81,"tags":82},"https://git.kernel.org/stable/c/cd04beb9ce2773a16057248bb4fa424068ae3807",[76,70],[78],{"url":84,"sources":85,"tags":86},"https://git.kernel.org/stable/c/9748f2f54f66743ac77275c34886a9f890e18409",[76,70],[78],[],{"date":89,"score":66,"percentile":90},"2026-06-04",0.16494,[92,96,99,102,105,107,110,113,116,119,122,125,128,131,134,137,140,143,147,150,153,156,159,162,165,168,172,175,178,181,184,187,190,193,196,199,202,205,209,212,215,218,221,224,227,229,231,234,237,240,243,246,249,251,254,256,258,260,263,265,268,271,273,276,279,281,283,286,289,292,295,298,300,303,306,309,312,315,317,319,322,324,327,330,332,336,339,342,345,348],{"date":93,"score":94,"percentile":95},"2025-11-04",0.00032,0.08272,{"date":97,"score":94,"percentile":98},"2025-11-05",0.08283,{"date":100,"score":94,"percentile":101},"2025-11-06",0.08401,{"date":103,"score":94,"percentile":104},"2025-11-07",0.0842,{"date":106,"score":94,"percentile":104},"2025-11-08",{"date":108,"score":94,"percentile":109},"2025-11-09",0.08388,{"date":111,"score":94,"percentile":112},"2025-11-10",0.08347,{"date":114,"score":94,"percentile":115},"2025-11-11",0.08373,{"date":117,"score":94,"percentile":118},"2025-11-12",0.08408,{"date":120,"score":94,"percentile":121},"2025-11-13",0.08452,{"date":123,"score":94,"percentile":124},"2025-11-14",0.08501,{"date":126,"score":94,"percentile":127},"2025-11-15",0.08528,{"date":129,"score":94,"percentile":130},"2025-11-16",0.0854,{"date":132,"score":94,"percentile":133},"2025-11-17",0.08538,{"date":135,"score":94,"percentile":136},"2025-11-18",0.05018,{"date":138,"score":94,"percentile":139},"2025-11-19",0.05052,{"date":141,"score":94,"percentile":142},"2025-11-20",0.05102,{"date":144,"score":145,"percentile":146},"2025-11-21",0.00022,0.04908,{"date":148,"score":145,"percentile":149},"2025-11-22",0.04919,{"date":151,"score":145,"percentile":152},"2025-11-23",0.04911,{"date":154,"score":145,"percentile":155},"2025-11-24",0.04896,{"date":157,"score":145,"percentile":158},"2025-11-25",0.04907,{"date":160,"score":145,"percentile":161},"2025-11-26",0.04944,{"date":163,"score":145,"percentile":164},"2025-11-27",0.04963,{"date":166,"score":145,"percentile":167},"2025-11-28",0.04949,{"date":169,"score":170,"percentile":171},"2025-11-29",0.00011,0.00974,{"date":173,"score":170,"percentile":174},"2025-11-30",0.00885,{"date":176,"score":170,"percentile":177},"2025-12-01",0.00907,{"date":179,"score":170,"percentile":180},"2025-12-02",0.00902,{"date":182,"score":170,"percentile":183},"2025-12-03",0.00904,{"date":185,"score":170,"percentile":186},"2025-12-04",0.0089,{"date":188,"score":170,"percentile":189},"2025-12-05",0.00896,{"date":191,"score":170,"percentile":192},"2025-12-06",0.00897,{"date":194,"score":170,"percentile":195},"2025-12-07",0.00903,{"date":197,"score":170,"percentile":198},"2025-12-08",0.00908,{"date":200,"score":170,"percentile":201},"2025-12-09",0.00921,{"date":203,"score":170,"percentile":204},"2025-12-10",0.00931,{"date":206,"score":207,"percentile":208},"2025-12-11",0.00012,0.01404,{"date":210,"score":207,"percentile":211},"2025-12-12",0.01408,{"date":213,"score":207,"percentile":214},"2025-12-13",0.01395,{"date":216,"score":207,"percentile":217},"2025-12-14",0.01387,{"date":219,"score":207,"percentile":220},"2025-12-15",0.01383,{"date":222,"score":207,"percentile":223},"2025-12-16",0.01389,{"date":225,"score":207,"percentile":226},"2025-12-17",0.01392,{"date":228,"score":207,"percentile":220},"2025-12-18",{"date":230,"score":207,"percentile":217},"2025-12-19",{"date":232,"score":207,"percentile":233},"2025-12-20",0.01388,{"date":235,"score":207,"percentile":236},"2025-12-21",0.01398,{"date":238,"score":207,"percentile":239},"2025-12-22",0.014,{"date":241,"score":207,"percentile":242},"2025-12-23",0.01399,{"date":244,"score":207,"percentile":245},"2025-12-24",0.01402,{"date":247,"score":207,"percentile":248},"2025-12-25",0.01406,{"date":250,"score":207,"percentile":211},"2025-12-26",{"date":252,"score":207,"percentile":253},"2025-12-27",0.01403,{"date":255,"score":207,"percentile":245},"2025-12-28",{"date":257,"score":207,"percentile":226},"2025-12-29",{"date":259,"score":207,"percentile":233},"2025-12-30",{"date":261,"score":207,"percentile":262},"2025-12-31",0.01385,{"date":264,"score":207,"percentile":248},"2026-01-01",{"date":266,"score":207,"percentile":267},"2026-01-02",0.01409,{"date":269,"score":207,"percentile":270},"2026-01-03",0.01412,{"date":272,"score":207,"percentile":220},"2026-01-04",{"date":274,"score":207,"percentile":275},"2026-01-05",0.01391,{"date":277,"score":207,"percentile":278},"2026-01-06",0.01386,{"date":280,"score":207,"percentile":275},"2026-01-07",{"date":282,"score":207,"percentile":248},"2026-01-08",{"date":284,"score":207,"percentile":285},"2026-01-09",0.01421,{"date":287,"score":207,"percentile":288},"2026-01-10",0.01432,{"date":290,"score":207,"percentile":291},"2026-01-11",0.0143,{"date":293,"score":207,"percentile":294},"2026-01-12",0.01415,{"date":296,"score":207,"percentile":297},"2026-01-13",0.01413,{"date":299,"score":207,"percentile":294},"2026-01-14",{"date":301,"score":207,"percentile":302},"2026-01-15",0.01426,{"date":304,"score":207,"percentile":305},"2026-01-16",0.01435,{"date":307,"score":207,"percentile":308},"2026-01-17",0.01438,{"date":310,"score":207,"percentile":311},"2026-01-18",0.0145,{"date":313,"score":207,"percentile":314},"2026-01-19",0.01439,{"date":316,"score":207,"percentile":302},"2026-01-20",{"date":318,"score":207,"percentile":285},"2026-01-21",{"date":320,"score":207,"percentile":321},"2026-01-22",0.01424,{"date":323,"score":207,"percentile":308},"2026-01-23",{"date":325,"score":207,"percentile":326},"2026-01-24",0.01444,{"date":328,"score":207,"percentile":329},"2026-01-25",0.01443,{"date":331,"score":207,"percentile":314},"2026-01-26",{"date":333,"score":334,"percentile":335},"2026-01-27",0.00014,0.0191,{"date":337,"score":334,"percentile":338},"2026-01-28",0.01912,{"date":340,"score":334,"percentile":341},"2026-01-29",0.01929,{"date":343,"score":334,"percentile":344},"2026-01-30",0.01931,{"date":346,"score":334,"percentile":347},"2026-01-31",0.01952,{"date":349,"score":334,"percentile":350},"2026-02-01",0.01981,[352],{"source":70,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":353,"cvss_v4_0":9},{"baseScore":68,"baseSeverity":354,"vectorString":71,"impactScore":355,"exploitabilityScore":356},"HIGH",9.8,4.6,[358,378],{"ecosystem":9,"name":359,"vendor":360,"product":360,"cpe_part":361,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":362},"Linux","linux","a",[363,370,373,376],{"version":364,"is_range":365,"range_type":76,"version_start":366,"version_start_type":367,"version_end":368,"version_end_type":369,"fixed_in":9},">= fb176750266a3d7f42ebdcf28e8ba40350b27847, \u003C 65115472f741ca000d7ea4a5922214f93cd1516e",true,"fb176750266a3d7f42ebdcf28e8ba40350b27847","including","65115472f741ca000d7ea4a5922214f93cd1516e","excluding",{"version":371,"is_range":365,"range_type":76,"version_start":366,"version_start_type":367,"version_end":372,"version_end_type":369,"fixed_in":9},">= fb176750266a3d7f42ebdcf28e8ba40350b27847, \u003C cd04beb9ce2773a16057248bb4fa424068ae3807","cd04beb9ce2773a16057248bb4fa424068ae3807",{"version":374,"is_range":365,"range_type":76,"version_start":366,"version_start_type":367,"version_end":375,"version_end_type":369,"fixed_in":9},">= fb176750266a3d7f42ebdcf28e8ba40350b27847, \u003C 9748f2f54f66743ac77275c34886a9f890e18409","9748f2f54f66743ac77275c34886a9f890e18409",{"version":377,"is_range":64,"range_type":76,"version_start":377,"version_start_type":367,"version_end":377,"version_end_type":367,"fixed_in":9},"6.12",{"ecosystem":9,"name":379,"vendor":360,"product":380,"cpe_part":381,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":382},"linux kernel","linux_kernel","o",[383,387],{"version":384,"is_range":365,"range_type":385,"version_start":377,"version_start_type":367,"version_end":386,"version_end_type":369,"fixed_in":9},"gte6.12_lt6.12.34","cpe","6.12.34",{"version":388,"is_range":365,"range_type":385,"version_start":389,"version_start_type":367,"version_end":390,"version_end_type":369,"fixed_in":9},"gte6.13_lt6.15.3","6.13","6.15.3"]