CVE-2025-71161
Published: Jan 23, 2026
Modified: Jun 1, 2026
Description
In the Linux kernel, the following vulnerability has been resolved:

dm-verity: disable recursive forward error correction

There are two problems with the recursive correction:

1. It may cause denial-of-service. In fec_read_bufs, there is a loop that has 253 iterations. For each iteration, we may call verity_hash_for_block recursively. There is a limit of 4 nested recursions - that means that there may be at most 253^4 (4 billion) iterations. Red Hat QE team actually created an image that pushes dm-verity to this limit - and this image just makes the udev-worker process get stuck in the 'D' state.

2. It doesn't work. In fec_read_bufs we store data into the variable "fio->bufs", but fio bufs is shared between recursive invocations, if "verity_hash_for_block" invoked correction recursively, it would overwrite partially filled fio->bufs.
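The two problems in the description, reproduced in a small userspace model (an added example, not kernel code and not part of the CVE record). `struct model_fio`, `model_correct` and the scaled loop count `n` are hypothetical; only the 253-iteration loop and the nesting limit of 4 come from the description.

```c
#include <stdio.h>

#define ITERS     253  /* loop count in fec_read_bufs, per the description */
#define MAX_DEPTH 4    /* nesting limit, per the description */

/* Hypothetical stand-in for the per-I/O FEC state (not the kernel struct). */
struct model_fio {
    unsigned char bufs[ITERS];  /* one buffer set shared by all nesting levels */
    unsigned level;             /* current nesting depth */
    unsigned long long iters;   /* loop iterations executed so far */
};

/*
 * Model of one correction pass for `block`. With `recursive` set, every
 * iteration acts as if its input failed verification and needs a nested
 * correction first (the worst case). `n` scales the loop down so the
 * recursive case finishes quickly. Returns how many buffer slots still
 * hold this pass's data when its loop ends.
 */
unsigned model_correct(struct model_fio *fio, unsigned char block,
                       unsigned n, int recursive)
{
    unsigned i, intact = 0;

    if (n > ITERS) n = ITERS;
    if (fio->level >= MAX_DEPTH)
        return 0;                       /* nesting limit reached */
    fio->level++;
    for (i = 0; i < n; i++) {
        fio->iters++;
        if (recursive)                  /* nested pass reuses fio->bufs */
            model_correct(fio, (unsigned char)(block + 1), n, 1);
        fio->bufs[i] = block;           /* this pass's data for slot i */
    }
    fio->level--;
    for (i = 0; i < n; i++)
        intact += (fio->bufs[i] == block);
    return intact;
}

int main(void)
{
    struct model_fio rec = {{0}, 0, 0}, flat = {{0}, 0, 0};
    unsigned r = model_correct(&rec, 1, 3, 1);
    unsigned f = model_correct(&flat, 1, ITERS, 0);
    printf("recursive n=3: %llu iterations, %u of 3 slots intact\n", rec.iters, r);
    printf("non-recursive n=%d: %llu iterations, %u intact\n", ITERS, flat.iters, f);
    return 0;
}
```

In this model the iteration count grows as n + n^2 + n^3 + n^4, so at n = 253 the deepest level alone accounts for the 253^4 iterations the description cites.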
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux | affected a739ff3f543afbb4a041c16cd0182c8e8d366e70 - < 8b821ca892cfeeaf0bedc9fc72717294f67144d5; affected a739ff3f543afbb4a041c16cd0182c8e8d366e70 - < e227d2b229c7529bd98d348efc55262ccf24ab35; affected a739ff3f543afbb4a041c16cd0182c8e8d366e70 - < 897d9006e75f46f8bd7df78faa424327ae6a4bcf; affected a739ff3f543afbb4a041c16cd0182c8e8d366e70 - < 4220cb37406915c926c0e4a3dbab77cd9cceeb1e; affected a739ff3f543afbb4a041c16cd0182c8e8d366e70 - < 232948cf600fba69aff36b25d85ef91a73a35756; +1 more versions |
| Linux | Linux | affected 4.5; unaffected 0 - < 4.5; unaffected 5.15.209 - <= 5.15.*; unaffected 6.1.167 - <= 6.1.*; unaffected 6.6.130 - <= 6.6.*; +3 more versions |