Detection of Error Condition Without Action The advisory has been revoked - it doesn't affect any version of package libperf (opens in a new tab)
Threat Intelligence
The probability is the direct output of the EPSS model, and conveys an overall sense of the threat of exploitation in the wild. The percentile measures the EPSS probability relative to all known EPSS scores. Note: This data is updated daily, relying on the latest available EPSS model version. Check out the EPSS documentation for more details.
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk IDSNYK-RHEL10-LIBPERF-11211256
- published30 Jul 2025
- disclosed3 Jul 2025
Introduced: 3 Jul 2025
CVE-2025-38172 (opens in a new tab)Amendment
The Red Hat security team deemed this advisory irrelevant for RHEL:10.
NVD Description
Note: Versions mentioned in the description apply only to the upstream libperf package and not the libperf package as distributed by RHEL.
In the Linux kernel, the following vulnerability has been resolved:
erofs: avoid using multiple devices with different type
For multiple devices, both primary and extra devices should be the
same type. erofs_init_device has already guaranteed that if the
primary is a file-backed device, extra devices should also be
regular files.
However, if the primary is a block device while the extra device
is a file-backed device, erofs_init_device will get an ENOTBLK,
which is not treated as an error in erofs_fc_get_tree, and that
leads to an UAF:
erofs_fc_get_tree get_tree_bdev_flags(erofs_fc_fill_super) erofs_read_superblock erofs_init_device // sbi->dif0 is not inited yet, // return -ENOTBLK deactivate_locked_super free(sbi) if (err is -ENOTBLK) sbi->dif0.file = filp_open() // sbi UAF
So if -ENOTBLK is hitted in erofs_init_device, it means the
primary device must be a block device, and the extra device
is not a block device. The error can be converted to -EINVAL.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=2376072
- https://access.redhat.com/security/cve/CVE-2025-38172
- https://access.redhat.com/errata/RHSA-2026:1727
- https://access.redhat.com/errata/RHSA-2026:2721
- https://git.kernel.org/stable/c/65115472f741ca000d7ea4a5922214f93cd1516e
- https://git.kernel.org/stable/c/9748f2f54f66743ac77275c34886a9f890e18409
- https://git.kernel.org/stable/c/cd04beb9ce2773a16057248bb4fa424068ae3807