In the Linux kernel, the following vulnerability has been resolved:
block: refine the EOF check in blkdeviomapbegin
blkdeviomapbegin rounds down the offset to the logical block size before stashing it in iomap->offset and checking that it still is inside the inode size.
Check the i_size check to the raw pos value so that we don't try a zero size write if iter->pos is unaligned.