CVE-2025-71117 (GCVE-0-2025-71117)

Vulnerability from cvelistv5 – Published: 2026-01-14 15:06 – Updated: 2026-01-14 15:06
VLAI?
Title
block: Remove queue freezing from several sysfs store callbacks
Summary
In the Linux kernel, the following vulnerability has been resolved: block: Remove queue freezing from several sysfs store callbacks Freezing the request queue from inside sysfs store callbacks may cause a deadlock in combination with the dm-multipath driver and the queue_if_no_path option. Additionally, freezing the request queue slows down system boot on systems where sysfs attributes are set synchronously. Fix this by removing the blk_mq_freeze_queue() / blk_mq_unfreeze_queue() calls from the store callbacks that do not strictly need these callbacks. Add the __data_racy annotation to request_queue.rq_timeout to suppress KCSAN data race reports about the rq_timeout reads. This patch may cause a small delay in applying the new settings. For all the attributes affected by this patch, I/O will complete correctly whether the old or the new value of the attribute is used. This patch affects the following sysfs attributes: * io_poll_delay * io_timeout * nomerges * read_ahead_kb * rq_affinity Here is an example of a deadlock triggered by running test srp/002 if this patch is not applied: task:multipathd Call Trace: <TASK> __schedule+0x8c1/0x1bf0 schedule+0xdd/0x270 schedule_preempt_disabled+0x1c/0x30 __mutex_lock+0xb89/0x1650 mutex_lock_nested+0x1f/0x30 dm_table_set_restrictions+0x823/0xdf0 __bind+0x166/0x590 dm_swap_table+0x2a7/0x490 do_resume+0x1b1/0x610 dev_suspend+0x55/0x1a0 ctl_ioctl+0x3a5/0x7e0 dm_ctl_ioctl+0x12/0x20 __x64_sys_ioctl+0x127/0x1a0 x64_sys_call+0xe2b/0x17d0 do_syscall_64+0x96/0x3a0 entry_SYSCALL_64_after_hwframe+0x4b/0x53 </TASK> task:(udev-worker) Call Trace: <TASK> __schedule+0x8c1/0x1bf0 schedule+0xdd/0x270 blk_mq_freeze_queue_wait+0xf2/0x140 blk_mq_freeze_queue_nomemsave+0x23/0x30 queue_ra_store+0x14e/0x290 queue_attr_store+0x23e/0x2c0 sysfs_kf_write+0xde/0x140 kernfs_fop_write_iter+0x3b2/0x630 vfs_write+0x4fd/0x1390 ksys_write+0xfd/0x230 __x64_sys_write+0x76/0xc0 x64_sys_call+0x276/0x17d0 do_syscall_64+0x96/0x3a0 entry_SYSCALL_64_after_hwframe+0x4b/0x53 </TASK>
Severity ?
No CVSS data available.
Assigner
References
Impacted products
Vendor Product Version
Linux Linux Affected: af2814149883e2c1851866ea2afcd8eadc040f79 , < 3997b3147c7b68b0308378fa95a766015f8ceb1c (git)
Affected: af2814149883e2c1851866ea2afcd8eadc040f79 , < 935a20d1bebf6236076785fac3ff81e3931834e9 (git)
Create a notification for this product.
    Linux Linux Affected: 6.11
Unaffected: 0 , < 6.11 (semver)
Unaffected: 6.18.3 , ≤ 6.18.* (semver)
Unaffected: 6.19-rc1 , ≤ * (original_commit_for_fix)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "block/blk-sysfs.c",
            "include/linux/blkdev.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "3997b3147c7b68b0308378fa95a766015f8ceb1c",
              "status": "affected",
              "version": "af2814149883e2c1851866ea2afcd8eadc040f79",
              "versionType": "git"
            },
            {
              "lessThan": "935a20d1bebf6236076785fac3ff81e3931834e9",
              "status": "affected",
              "version": "af2814149883e2c1851866ea2afcd8eadc040f79",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "block/blk-sysfs.c",
            "include/linux/blkdev.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.11"
            },
            {
              "lessThan": "6.11",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.18.*",
              "status": "unaffected",
              "version": "6.18.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.19-rc1",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.18.3",
                  "versionStartIncluding": "6.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.19-rc1",
                  "versionStartIncluding": "6.11",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: Remove queue freezing from several sysfs store callbacks\n\nFreezing the request queue from inside sysfs store callbacks may cause a\ndeadlock in combination with the dm-multipath driver and the\nqueue_if_no_path option. Additionally, freezing the request queue slows\ndown system boot on systems where sysfs attributes are set synchronously.\n\nFix this by removing the blk_mq_freeze_queue() / blk_mq_unfreeze_queue()\ncalls from the store callbacks that do not strictly need these callbacks.\nAdd the __data_racy annotation to request_queue.rq_timeout to suppress\nKCSAN data race reports about the rq_timeout reads.\n\nThis patch may cause a small delay in applying the new settings.\n\nFor all the attributes affected by this patch, I/O will complete\ncorrectly whether the old or the new value of the attribute is used.\n\nThis patch affects the following sysfs attributes:\n* io_poll_delay\n* io_timeout\n* nomerges\n* read_ahead_kb\n* rq_affinity\n\nHere is an example of a deadlock triggered by running test srp/002\nif this patch is not applied:\n\ntask:multipathd\nCall Trace:\n \u003cTASK\u003e\n __schedule+0x8c1/0x1bf0\n schedule+0xdd/0x270\n schedule_preempt_disabled+0x1c/0x30\n __mutex_lock+0xb89/0x1650\n mutex_lock_nested+0x1f/0x30\n dm_table_set_restrictions+0x823/0xdf0\n __bind+0x166/0x590\n dm_swap_table+0x2a7/0x490\n do_resume+0x1b1/0x610\n dev_suspend+0x55/0x1a0\n ctl_ioctl+0x3a5/0x7e0\n dm_ctl_ioctl+0x12/0x20\n __x64_sys_ioctl+0x127/0x1a0\n x64_sys_call+0xe2b/0x17d0\n do_syscall_64+0x96/0x3a0\n entry_SYSCALL_64_after_hwframe+0x4b/0x53\n \u003c/TASK\u003e\ntask:(udev-worker)\nCall Trace:\n \u003cTASK\u003e\n __schedule+0x8c1/0x1bf0\n schedule+0xdd/0x270\n blk_mq_freeze_queue_wait+0xf2/0x140\n blk_mq_freeze_queue_nomemsave+0x23/0x30\n queue_ra_store+0x14e/0x290\n queue_attr_store+0x23e/0x2c0\n sysfs_kf_write+0xde/0x140\n kernfs_fop_write_iter+0x3b2/0x630\n vfs_write+0x4fd/0x1390\n ksys_write+0xfd/0x230\n __x64_sys_write+0x76/0xc0\n x64_sys_call+0x276/0x17d0\n do_syscall_64+0x96/0x3a0\n entry_SYSCALL_64_after_hwframe+0x4b/0x53\n \u003c/TASK\u003e"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-14T15:06:05.161Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/3997b3147c7b68b0308378fa95a766015f8ceb1c"
        },
        {
          "url": "https://git.kernel.org/stable/c/935a20d1bebf6236076785fac3ff81e3931834e9"
        }
      ],
      "title": "block: Remove queue freezing from several sysfs store callbacks",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-71117",
    "datePublished": "2026-01-14T15:06:05.161Z",
    "dateReserved": "2026-01-13T15:30:19.653Z",
    "dateUpdated": "2026-01-14T15:06:05.161Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-71117\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2026-01-14T15:16:01.383\",\"lastModified\":\"2026-01-14T16:25:12.057\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nblock: Remove queue freezing from several sysfs store callbacks\\n\\nFreezing the request queue from inside sysfs store callbacks may cause a\\ndeadlock in combination with the dm-multipath driver and the\\nqueue_if_no_path option. Additionally, freezing the request queue slows\\ndown system boot on systems where sysfs attributes are set synchronously.\\n\\nFix this by removing the blk_mq_freeze_queue() / blk_mq_unfreeze_queue()\\ncalls from the store callbacks that do not strictly need these callbacks.\\nAdd the __data_racy annotation to request_queue.rq_timeout to suppress\\nKCSAN data race reports about the rq_timeout reads.\\n\\nThis patch may cause a small delay in applying the new settings.\\n\\nFor all the attributes affected by this patch, I/O will complete\\ncorrectly whether the old or the new value of the attribute is used.\\n\\nThis patch affects the following sysfs attributes:\\n* io_poll_delay\\n* io_timeout\\n* nomerges\\n* read_ahead_kb\\n* rq_affinity\\n\\nHere is an example of a deadlock triggered by running test srp/002\\nif this patch is not applied:\\n\\ntask:multipathd\\nCall Trace:\\n \u003cTASK\u003e\\n __schedule+0x8c1/0x1bf0\\n schedule+0xdd/0x270\\n schedule_preempt_disabled+0x1c/0x30\\n __mutex_lock+0xb89/0x1650\\n mutex_lock_nested+0x1f/0x30\\n dm_table_set_restrictions+0x823/0xdf0\\n __bind+0x166/0x590\\n dm_swap_table+0x2a7/0x490\\n do_resume+0x1b1/0x610\\n dev_suspend+0x55/0x1a0\\n ctl_ioctl+0x3a5/0x7e0\\n dm_ctl_ioctl+0x12/0x20\\n __x64_sys_ioctl+0x127/0x1a0\\n x64_sys_call+0xe2b/0x17d0\\n do_syscall_64+0x96/0x3a0\\n entry_SYSCALL_64_after_hwframe+0x4b/0x53\\n \u003c/TASK\u003e\\ntask:(udev-worker)\\nCall Trace:\\n \u003cTASK\u003e\\n __schedule+0x8c1/0x1bf0\\n schedule+0xdd/0x270\\n blk_mq_freeze_queue_wait+0xf2/0x140\\n blk_mq_freeze_queue_nomemsave+0x23/0x30\\n queue_ra_store+0x14e/0x290\\n queue_attr_store+0x23e/0x2c0\\n sysfs_kf_write+0xde/0x140\\n kernfs_fop_write_iter+0x3b2/0x630\\n vfs_write+0x4fd/0x1390\\n ksys_write+0xfd/0x230\\n __x64_sys_write+0x76/0xc0\\n x64_sys_call+0x276/0x17d0\\n do_syscall_64+0x96/0x3a0\\n entry_SYSCALL_64_after_hwframe+0x4b/0x53\\n \u003c/TASK\u003e\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/3997b3147c7b68b0308378fa95a766015f8ceb1c\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/935a20d1bebf6236076785fac3ff81e3931834e9\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.