CVE-2025-71161
- Source
- https://cve.org/CVERecord?id=CVE-2025-71161
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-71161.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-71161
- Downstream
- Related
- Published
- 2026-01-23T15:23:59.464Z
- Modified
- 2026-03-13T04:06:20.318461Z
- Summary
- dm-verity: disable recursive forward error correction
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
dm-verity: disable recursive forward error correction
There are two problems with the recursive correction:
It may cause denial-of-service. In fecreadbufs, there is a loop that has 253 iterations. For each iteration, we may call verityhashfor_block recursively. There is a limit of 4 nested recursions - that means that there may be at most 253^4 (4 billion) iterations. Red Hat QE team actually created an image that pushes dm-verity to this limit - and this image just makes the udev-worker process get stuck in the 'D' state.
It doesn't work. In fecreadbufs we store data into the variable "fio->bufs", but fio bufs is shared between recursive invocations, if "verityhashfor_block" invoked correction recursively, it would overwrite partially filled fio->bufs.
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/71xxx/CVE-2025-71161.json" }- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/232948cf600fba69aff36b25d85ef91a73a35756
- https://git.kernel.org/stable/c/d9f3e47d3fae0c101d9094bc956ed24e7a0ee801
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/71xxx/CVE-2025-71161.json
- https://nvd.nist.gov/vuln/detail/CVE-2025-71161