CVE-2025-71161

MEDIUM EPSS 6.1%
Published Jan 23, 2026 (5 months ago) · Modified Jun 17, 2026 (2 weeks ago)
5.5 CVSS 3.1
Medium

Description

In the Linux kernel, the following vulnerability has been resolved:

dm-verity: disable recursive forward error correction

There are two problems with the recursive correction:

1. It may cause denial-of-service. In fec_read_bufs, there is a loop that has 253 iterations. For each iteration, we may call verity_hash_for_block recursively. There is a limit of 4 nested recursions - that means that there may be at most 253^4 (4 billion) iterations. Red Hat QE team actually created an image that pushes dm-verity to this limit - and this image just makes the udev-worker process get stuck in the 'D' state.

2. It doesn't work. In fec_read_bufs we store data into the variable "fio->bufs", but fio->bufs is shared between recursive invocations; if "verity_hash_for_block" invoked correction recursively, it would overwrite partially filled fio->bufs.

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
6.1% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-193

Affected Products 1

Vendor: linux
Product: linux_kernel
Version: *
Range: ≥ 4.5 – < 6.18.6

References 6

  • git.kernel.org https://git.kernel.org/stable/c/232948cf600fba69aff36b25d85ef91a73a35756
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/4220cb37406915c926c0e4a3dbab77cd9cceeb1e
  • git.kernel.org https://git.kernel.org/stable/c/897d9006e75f46f8bd7df78faa424327ae6a4bcf
  • git.kernel.org https://git.kernel.org/stable/c/8b821ca892cfeeaf0bedc9fc72717294f67144d5
  • git.kernel.org https://git.kernel.org/stable/c/d9f3e47d3fae0c101d9094bc956ed24e7a0ee801
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/e227d2b229c7529bd98d348efc55262ccf24ab35

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/232948cf600fba69aff36b25d85ef91a73a35756
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/d9f3e47d3fae0c101d9094bc956ed24e7a0ee801
    Patch