CVE-2025-38326
MEDIUMLinux Kernel 4.20-6.15.4 - DoS via ATA over Ethernet Device Downtime
Title source: llmDescription
In the Linux kernel, the following vulnerability has been resolved: aoe: clean device rq_list in aoedev_downdev() An aoe device's rq_list contains accepted block requests that are waiting to be transmitted to the aoe target. This queue was added as part of the conversion to blk_mq. However, the queue was not cleaned out when an aoe device is downed which caused blk_mq_freeze_queue() to sleep indefinitely waiting for those requests to complete, causing a hang. This fix cleans out the queue before calling blk_mq_freeze_queue().
References (10)
Core 10
Core References
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
Scores
CVSS v3
5.5
EPSS
0.0007
EPSS Percentile
20.5%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Details
Status
published
Products (28)
debian/debian_linux
11.0
linux/Kernel
4.20.0 - 5.4.295linux
linux/Kernel
5.11.0 - 5.15.186linux
linux/Kernel
5.16.0 - 6.1.142linux
linux/Kernel
5.5.0 - 5.10.239linux
linux/Kernel
6.13.0 - 6.15.4linux
linux/Kernel
6.2.0 - 6.6.95linux
linux/Kernel
6.7.0 - 6.12.35linux
Linux/Linux
< 4.20
Linux/Linux
3582dd291788e9441c3ba9047e55089edb98da5c - 00be74e1470af292c37a438b8e69dee47dcbf481
... and 18 more
Published
Jul 10, 2025
Tracked Since
Feb 18, 2026