CVE-2025-38063
Description
In the Linux kernel, the following vulnerability has been resolved:
dm: fix unconditional IO throttle caused by REQ_PREFLUSH
When a bio with REQ_PREFLUSH is submitted to dm, __send_empty_flush() generates a flush_bio with REQ_OP_WRITE | REQ_PREFLUSH | REQ_SYNC, which causes the flush_bio to be throttled by wbt_wait().
An example from v5.4, similar problem also exists in upstream:
crash> bt 2091206 PID: 2091206 TASK: ffff2050df92a300 CPU: 109 COMMAND: "kworker/u260:0" #0 [ffff800084a2f7f0] __switch_to at ffff80004008aeb8 #1 [ffff800084a2f820] __schedule at ffff800040bfa0c4 #2 [ffff800084a2f880] schedule at ffff800040bfa4b4 #3 [ffff800084a2f8a0] io_schedule at ffff800040bfa9c4 #4 [ffff800084a2f8c0] rq_qos_wait at ffff8000405925bc #5 [ffff800084a2f940] wbt_wait at ffff8000405bb3a0 #6 [ffff800084a2f9a0] __rq_qos_throttle at ffff800040592254 #7 [ffff800084a2f9c0] blk_mq_make_request at ffff80004057cf38 #8 [ffff800084a2fa60] generic_make_request at ffff800040570138 #9 [ffff800084a2fae0] submit_bio at ffff8000405703b4 #10 [ffff800084a2fb50] xlog_write_iclog at ffff800001280834 [xfs] #11 [ffff800084a2fbb0] xlog_sync at ffff800001280c3c [xfs] #12 [ffff800084a2fbf0] xlog_state_release_iclog at ffff800001280df4 [xfs] #13 [ffff800084a2fc10] xlog_write at ffff80000128203c [xfs] #14 [ffff800084a2fcd0] xlog_cil_push at ffff8000012846dc [xfs] #15 [ffff800084a2fda0] xlog_cil_push_work at ffff800001284a2c [xfs] #16 [ffff800084a2fdb0] process_one_work at ffff800040111d08 #17 [ffff800084a2fe00] worker_thread at ffff8000401121cc #18 [ffff800084a2fe70] kthread at ffff800040118de4
After commit 2def2845cc33 ("xfs: don't allow log IO to be throttled"), the metadata submitted by xlog_write_iclog() should not be throttled. But due to the existence of the dm layer, throttling flush_bio indirectly causes the metadata bio to be throttled.
Fix this by conditionally adding REQ_IDLE to flush_bio.bi_opf, which makes wbt_should_throttle() return false to avoid wbt_wait().
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
In the Linux kernel's device mapper, a REQ_PREFLUSH bio triggers unconditional IO throttling of flush_bio via wbt_wait, indirectly stalling metadata writes like XFS log IOs.
In the Linux kernel device-mapper (dm) subsystem, a bug in the handling of REQ_PREFLUSH bios causes unconditional I/O throttling. When __send_empty_flush() processes a bio with REQ_PREFLUSH, it generates a flush_bio with flags REQ_OP_WRITE | REQ_PREFLUSH | REQ_SYNC. This set of flags makes the flush_bio subject to write-back throttling (wbt_wait()), even though it is a flush operation that should not be throttled.
The problem manifests in practice when filesystems like XFS submit metadata IOs via xlog_write_iclog(). Although commit 2def2845cc33 ("xfs: don't allow log IO to be throttled") exempts XFS log IOs from throttling at the block layer, the presence of the dm layer intercepts the bio and creates a flush_bio that is still throttled. This indirectly stalls the original metadata IO, causing a hang in the XFS CIL push workqueue (e.g., worker thread kworker/u260:0 stuck in io_schedule() as shown in the call trace). No authentication is required; any workload using dm on top of a filesystem that issues flushes can trigger the issue.
An attacker with local access or ability to influence I/O patterns could exploit this to cause a denial of service by making the system unresponsive due to blocked metadata writes. The impact is a partial loss of availability (CVSS v3 base score 5.5). No privilege escalation or data corruption is involved.
The Linux kernel upstream has fixed the vulnerability by conditionally adding REQ_IDLE to flush_bio.bi_opf, which causes wbt_should_throttle() to return false for flush bios. The fix is included in later kernel stable updates. Users should apply the latest kernel patches from their distribution. The Siemens advisory [1] lists affected products (SIMATIC S7-1500 CPU family) that incorporate the vulnerable kernel code. The kernel.org stable commits [2], [3], [4] contain the backported fixes.
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
3- Linux/Linuxv5Range: 4.10
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
7- git.kernel.org/stable/c/2858cda9a8d95e6deee7e3b0a26adde696a9a4f5nvdPatch
- git.kernel.org/stable/c/52aa28f7b1708d76e315d78b5ed397932a1a97c3nvdPatch
- git.kernel.org/stable/c/88f7f56d16f568f19e1a695af34a7f4a6ce537a6nvdPatch
- git.kernel.org/stable/c/95d08924335f3b6f4ea0b92ebfe4fe0731c502d9nvdPatch
- git.kernel.org/stable/c/b55a97d1bd4083729a60d19beffe85d4c96680denvdPatch
- lists.debian.org/debian-lts-announce/2025/10/msg00008.htmlnvdThird Party Advisory
- cert-portal.siemens.com/productcert/html/ssa-082556.htmlnvd
News mentions
0No linked articles in our index yet.