CVE-2025-38326

aoe: clean device rq_list in aoedev_downdev()

Description

In the Linux kernel, the following vulnerability has been resolved: aoe: clean device rq_list in aoedev_downdev() An aoe device's rq_list contains accepted block requests that are waiting to be transmitted to the aoe target. This queue was added as part of the conversion to blk_mq. However, the queue was not cleaned out when an aoe device is downed which caused blk_mq_freeze_queue() to sleep indefinitely waiting for those requests to complete, causing a hang. This fix cleans out the queue before calling blk_mq_freeze_queue().

N/A
CVSS
Severity:
EPSS 0.02%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/ed52e9652ba41d362e9ec923077f6da23336f269
https://git.kernel.org/stable/c/64fc0bad62ed38874131dd0337d844a43bd1017e
https://git.kernel.org/stable/c/ef0b5bbbed7f220db2e9c73428f9a36e8dfc69ca
https://git.kernel.org/stable/c/531aef4a1accb13b21a3b82ec29955f4733367d5
https://git.kernel.org/stable/c/8662ac79a63488e279b91c12a72b02bc0dc49f7b
https://git.kernel.org/stable/c/fa2a79f0da92614c5dc45c8b3d2638681c7734ee
https://git.kernel.org/stable/c/00be74e1470af292c37a438b8e69dee47dcbf481
https://git.kernel.org/stable/c/7f90d45e57cb2ef1f0adcaf925ddffdfc5e680ca

Frequently Asked Questions

What is the severity of CVE-2025-38326?
CVE-2025-38326 has not yet been assigned a CVSS score.
How to fix CVE-2025-38326?
To fix CVE-2025-38326, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2025-38326 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2025-38326 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2025-38326?
CVE-2025-38326 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.