| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025091221-CVE-2025-39792-5efd@gregkh> Date: Fri, 12 Sep 2025 17:59:22 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2025-39792: dm: Always split write BIOs to zoned device limits From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: dm: Always split write BIOs to zoned device limits Any zoned DM target that requires zone append emulation will use the block layer zone write plugging. In such case, DM target drivers must not split BIOs using dm_accept_partial_bio() as doing so can potentially lead to deadlocks with queue freeze operations. Regular write operations used to emulate zone append operations also cannot be split by the target driver as that would result in an invalid writen sector value return using the BIO sector. In order for zoned DM target drivers to avoid such incorrect BIO splitting, we must ensure that large BIOs are split before being passed to the map() function of the target, thus guaranteeing that the limits for the mapped device are not exceeded. dm-crypt and dm-flakey are the only target drivers supporting zoned devices and using dm_accept_partial_bio(). In the case of dm-crypt, this function is used to split BIOs to the internal max_write_size limit (which will be suppressed in a different patch). However, since crypt_alloc_buffer() uses a bioset allowing only up to BIO_MAX_VECS (256) vectors in a BIO. The dm-crypt device max_segments limit, which is not set and so default to BLK_MAX_SEGMENTS (128), must thus be respected and write BIOs split accordingly. In the case of dm-flakey, since zone append emulation is not required, the block layer zone write plugging is not used and no splitting of BIOs required. Modify the function dm_zone_bio_needs_split() to use the block layer helper function bio_needs_zone_write_plugging() to force a call to bio_split_to_limits() in dm_split_and_process_bio(). This allows DM target drivers to avoid using dm_accept_partial_bio() for write operations on zoned DM devices. The Linux kernel CVE team has assigned CVE-2025-39792 to this issue. Affected and fixed versions =========================== Issue introduced in 6.10 with commit f211268ed1f9bdf48f06a3ead5f5d88437450579 and fixed in 6.12.43 with commit d10bf66d9f9335ffc7521b3029b114f50604cabe Issue introduced in 6.10 with commit f211268ed1f9bdf48f06a3ead5f5d88437450579 and fixed in 6.15.11 with commit f5dd256333c08ab44b5aec4a8118cb04c0f20c54 Issue introduced in 6.10 with commit f211268ed1f9bdf48f06a3ead5f5d88437450579 and fixed in 6.16.2 with commit 4e9fef1cf0243d665d75c371cc80be6156cd30a2 Issue introduced in 6.10 with commit f211268ed1f9bdf48f06a3ead5f5d88437450579 and fixed in 6.17-rc1 with commit 2df7168717b7d2d32bcf017c68be16e4aae9dd13 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2025-39792 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/md/dm.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/d10bf66d9f9335ffc7521b3029b114f50604cabe https://git.kernel.org/stable/c/f5dd256333c08ab44b5aec4a8118cb04c0f20c54 https://git.kernel.org/stable/c/4e9fef1cf0243d665d75c371cc80be6156cd30a2 https://git.kernel.org/stable/c/2df7168717b7d2d32bcf017c68be16e4aae9dd13
Powered by blists - more mailing lists