Instituto Nacional de Ciberseguridad (INCIBE). INCIBE-CERT section

CVE-2025-39792

Severity:
Pending analysis
Type:
Not Available / Other type
Publication date:
12/09/2025
Last modified:
15/09/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

dm: Always split write BIOs to zoned device limits

Any zoned DM target that requires zone append emulation will use the block layer zone write plugging. In such case, DM target drivers must not split BIOs using dm_accept_partial_bio() as doing so can potentially lead to deadlocks with queue freeze operations. Regular write operations used to emulate zone append operations also cannot be split by the target driver as that would result in an invalid written sector value return using the BIO sector.

In order for zoned DM target drivers to avoid such incorrect BIO splitting, we must ensure that large BIOs are split before being passed to the map() function of the target, thus guaranteeing that the limits for the mapped device are not exceeded.

dm-crypt and dm-flakey are the only target drivers supporting zoned devices and using dm_accept_partial_bio().

In the case of dm-crypt, this function is used to split BIOs to the internal max_write_size limit (which will be suppressed in a different patch). However, since crypt_alloc_buffer() uses a bioset allowing only up to BIO_MAX_VECS (256) vectors in a BIO, the dm-crypt device max_segments limit, which is not set and so defaults to BLK_MAX_SEGMENTS (128), must thus be respected and write BIOs split accordingly.

In the case of dm-flakey, since zone append emulation is not required, the block layer zone write plugging is not used and no splitting of BIOs is required.

Modify the function dm_zone_bio_needs_split() to use the block layer helper function bio_needs_zone_write_plugging() to force a call to bio_split_to_limits() in dm_split_and_process_bio(). This allows DM target drivers to avoid using dm_accept_partial_bio() for write operations on zoned DM devices.

Impact