CVE-2025-38073: 
Linux Kernel vulnerability analysis and mitigation

A race condition vulnerability (CVE-2025-38073) was discovered in the Linux kernel's block subsystem, specifically in the set_blocksize functionality when handling large sector sizes. The vulnerability was disclosed on June 18, 2025, affecting the block device handling mechanism in the Linux kernel (NVD).

The vulnerability occurs when setblocksize can modify iblksize and folio order in a way that conflicts with concurrent readers. The issue manifests when udev-worker calls libblkid to detect block device labels, creating an order-0 folio for reading 4096 bytes. If preempted during this process and another process attempts to mount an 8k-sectorsize filesystem, setblksize updates iblksize to 8192 and minimum folio order to 1, leading to a NULL block device reference and subsequent kernel crash (NVD).

When exploited, this vulnerability results in a kernel crash due to improper handling of block device operations, particularly during concurrent access to block devices with different sector sizes (Wiz).

The fix involves truncating the page cache after flushing but before updating iblksize, along with implementing proper locking mechanisms. Both irwsem and invalidate_lock are taken in exclusive mode for invalidations and shared mode for read/write operations (NVD).