CVE-2025-71161

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> dm-verity: disable recursive forward error correction<br /> <br /> There are two problems with the recursive correction:<br /> <br /> 1. It may cause denial-of-service. In fec_read_bufs, there is a loop that<br /> has 253 iterations. For each iteration, we may call verity_hash_for_block<br /> recursively. There is a limit of 4 nested recursions - that means that<br /> there may be at most 253^4 (4 billion) iterations. Red Hat QE team<br /> actually created an image that pushes dm-verity to this limit - and this<br /> image just makes the udev-worker process get stuck in the &amp;#39;D&amp;#39; state.<br /> <br /> 2. It doesn&amp;#39;t work. In fec_read_bufs we store data into the variable<br /> "fio-&gt;bufs", but fio bufs is shared between recursive invocations, if<br /> "verity_hash_for_block" invoked correction recursively, it would<br /> overwrite partially filled fio-&gt;bufs.