{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2025-21643","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2024-12-29T08:45:45.727Z","datePublished":"2025-01-19T10:17:59.820Z","dateUpdated":"2025-05-04T07:18:06.741Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2025-05-04T07:18:06.741Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnetfs: Fix kernel async DIO\n\nNetfslib needs to be able to handle kernel-initiated asynchronous DIO that\nis supplied with a bio_vec[] array.  Currently, because of the async flag,\nthis gets passed to netfs_extract_user_iter() which throws a warning and\nfails because it only handles IOVEC and UBUF iterators.  This can be\ntriggered through a combination of cifs and a loopback blockdev with\nsomething like:\n\n        mount //my/cifs/share /foo\n        dd if=/dev/zero of=/foo/m0 bs=4K count=1K\n        losetup --sector-size 4096 --direct-io=on /dev/loop2046 /foo/m0\n        echo hello >/dev/loop2046\n\nThis causes the following to appear in syslog:\n\n        WARNING: CPU: 2 PID: 109 at fs/netfs/iterator.c:50 netfs_extract_user_iter+0x170/0x250 [netfs]\n\nand the write to fail.\n\nFix this by removing the check in netfs_unbuffered_write_iter_locked() that\ncauses async kernel DIO writes to be handled as userspace writes.  Note\nthat this change relies on the kernel caller maintaining the existence of\nthe bio_vec array (or kvec[] or folio_queue) until the op is complete."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["fs/netfs/direct_write.c"],"versions":[{"version":"153a9961b551101cd38e94e26cd92fbfd198b19b","lessThan":"9f3a265836844eda30bf34c2584b8011fd4f0f49","status":"affected","versionType":"git"},{"version":"153a9961b551101cd38e94e26cd92fbfd198b19b","lessThan":"3f6bc9e3ab9b127171d39f9ac6eca1abb693b731","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["fs/netfs/direct_write.c"],"versions":[{"version":"6.8","status":"affected"},{"version":"0","lessThan":"6.8","status":"unaffected","versionType":"semver"},{"version":"6.12.10","lessThanOrEqual":"6.12.*","status":"unaffected","versionType":"semver"},{"version":"6.13","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.8","versionEndExcluding":"6.12.10"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.8","versionEndExcluding":"6.13"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/9f3a265836844eda30bf34c2584b8011fd4f0f49"},{"url":"https://git.kernel.org/stable/c/3f6bc9e3ab9b127171d39f9ac6eca1abb693b731"}],"title":"netfs: Fix kernel async DIO","x_generator":{"engine":"bippy-1.2.0"}}}}