dm-verity: disable recursive forward error correction

CVE	CVE-2025-71161
State	PUBLISHED
Assigner	Linux
Source Priority	CVE Program / NVD first with legacy fallback
Published	2026-01-23 16:15:53 UTC
Updated	2026-06-01 17:16:38 UTC
Description	In the Linux kernel, the following vulnerability has been resolved: dm-verity: disable recursive forward error correction There are two problems with the recursive correction: 1. It may cause denial-of-service. In fec_read_bufs, there is a loop that has 253 iterations. For each iteration, we may call verity_hash_for_block recursively. There is a limit of 4 nested recursions - that means that there may be at most 253^4 (4 billion) iterations. Red Hat QE team actually created an image that pushes dm-verity to this limit - and this image just makes the udev-worker process get stuck in the 'D' state. 2. It doesn't work. In fec_read_bufs we store data into the variable "fio->bufs", but fio bufs is shared between recursive invocations, if "verity_hash_for_block" invoked correction recursively, it would overwrite partially filled fio->bufs.

Primary CVSS: v3.1 5.5 MEDIUM from [email protected]

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS: 0.000150000 probability, percentile 0.033390000 (date 2026-06-03)

Problem Types: CWE-193

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Linux	Linux Kernel	All	All	All	All

Source	Vendor	Product	Version	Platforms
CNA	Linux	Linux	affected a739ff3f543afbb4a041c16cd0182c8e8d366e70 8b821ca892cfeeaf0bedc9fc72717294f67144d5 git	Not specified
CNA	Linux	Linux	affected a739ff3f543afbb4a041c16cd0182c8e8d366e70 e227d2b229c7529bd98d348efc55262ccf24ab35 git	Not specified
CNA	Linux	Linux	affected a739ff3f543afbb4a041c16cd0182c8e8d366e70 897d9006e75f46f8bd7df78faa424327ae6a4bcf git	Not specified
CNA	Linux	Linux	affected a739ff3f543afbb4a041c16cd0182c8e8d366e70 4220cb37406915c926c0e4a3dbab77cd9cceeb1e git	Not specified
CNA	Linux	Linux	affected a739ff3f543afbb4a041c16cd0182c8e8d366e70 232948cf600fba69aff36b25d85ef91a73a35756 git	Not specified
CNA	Linux	Linux	affected a739ff3f543afbb4a041c16cd0182c8e8d366e70 d9f3e47d3fae0c101d9094bc956ed24e7a0ee801 git	Not specified
CNA	Linux	Linux	affected 4.5	Not specified
CNA	Linux	Linux	unaffected 4.5 semver	Not specified
CNA	Linux	Linux	unaffected 5.15.209 5.15.* semver	Not specified
CNA	Linux	Linux	unaffected 6.1.167 6.1.* semver	Not specified
CNA	Linux	Linux	unaffected 6.6.130 6.6.* semver	Not specified
CNA	Linux	Linux	unaffected 6.12.78 6.12.* semver	Not specified
CNA	Linux	Linux	unaffected 6.18.6 6.18.* semver	Not specified
CNA	Linux	Linux	unaffected 6.19 * original_commit_for_fix	Not specified

Reference	Source	Link	Tags
git.kernel.org/stable/c/d9f3e47d3fae0c101d9094bc956ed24e7a0ee801	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org	Patch
git.kernel.org/stable/c/897d9006e75f46f8bd7df78faa424327ae6a4bcf	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org
git.kernel.org/stable/c/232948cf600fba69aff36b25d85ef91a73a35756	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org	Patch
git.kernel.org/stable/c/8b821ca892cfeeaf0bedc9fc72717294f67144d5	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org
git.kernel.org/stable/c/4220cb37406915c926c0e4a3dbab77cd9cceeb1e	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org
git.kernel.org/stable/c/e227d2b229c7529bd98d348efc55262ccf24ab35	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.