Unrated severity · NVD Advisory · Published Dec 24, 2025 · Updated Apr 15, 2026

CVE-2025-68357

Description

In the Linux kernel, the following vulnerability has been resolved:

iomap: allocate s_dio_done_wq for async reads as well

Since commit 222f2c7c6d14 ("iomap: always run error completions in user context"), read error completions are deferred to s_dio_done_wq. This means the workqueue also needs to be allocated for async reads.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

In the Linux kernel, the iomap subsystem fails to allocate the s_dio_done_wq workqueue for async reads, causing deferred read error completions to be mishandled.

Root Cause

The vulnerability resides in the Linux kernel's iomap subsystem. Commit 222f2c7c6d14 ("iomap: always run error completions in user context") modified completion handling so that read error completions are always deferred to a dedicated workqueue, s_dio_done_wq. However, this workqueue is only initialized for synchronous direct I/O (DIO) operations; it is not allocated for asynchronous reads. As a result, when an asynchronous read encounters an error, the kernel attempts to queue work on an uninitialized workqueue, leading to undefined behavior [1][2].

Exploitation

To exploit this issue, an attacker would need to trigger an I/O error on a filesystem that uses the iomap layer (such as ext4 or XFS) while performing an asynchronous read operation. This could be achieved by, for example, reading from a storage device that is intentionally made to fail or by corrupting the underlying block device. The attack surface is local and requires the ability to perform I/O operations on a filesystem mounted with direct I/O or buffered I/O that translates to iomap asynchronous reads. No special privileges beyond standard file access are necessary, though some control over the storage medium or filesystem state is required.

Impact

An attacker who successfully triggers this condition could cause a kernel crash (NULL pointer dereference or use of uninitialized memory), leading to a denial of service. The exact impact depends on the kernel's memory protection and error handling; in the worst case, arbitrary code execution in kernel context cannot be ruled out, although the primary risk is system instability and unavailability.

Mitigation

The issue is fixed by allocating s_dio_done_wq for asynchronous reads as well, ensuring the workqueue is always initialized before use. The patch is available in the Linux kernel stable repositories [1][2]. Users are advised to apply the latest kernel updates from their distribution or compile a patched kernel. No workaround is available without the patch, as the defect is in the core I/O completion path.
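One way to check whether a kernel git tree carries the fix, by looking for the two commit subjects quoted in the description. This is an added example, not code from the advisory or the kernel project; the function names `classify_subjects` and `check_tree` are hypothetical, and matching on subjects rather than hashes is an assumption made because stable backports are re-committed under new hashes.

```shell
#!/bin/sh
# Added example: classify a kernel tree's exposure to CVE-2025-68357 from
# commit subject lines. Both subjects are taken from the CVE description.
INTRODUCED='iomap: always run error completions in user context'
FIXED='iomap: allocate s_dio_done_wq for async reads as well'

# classify_subjects (hypothetical helper): reads one commit subject per line
# on stdin. Prints a verdict and returns 0 for "not-affected" or "fixed",
# 1 for "vulnerable". Matching is exact (-x), so a 'Revert "..."' subject
# is not mistaken for the commit it reverts.
classify_subjects() {
    subjects=$(cat)
    if ! printf '%s\n' "$subjects" | grep -Fxq "$INTRODUCED"; then
        echo "not-affected"
        return 0
    fi
    if printf '%s\n' "$subjects" | grep -Fxq "$FIXED"; then
        echo "fixed"
        return 0
    fi
    echo "vulnerable"
    return 1
}

# check_tree (hypothetical helper): run the classification against a kernel
# git checkout at path $1. Prints "unknown" and returns 2 if git cannot read
# the history, so a missing or broken tree is never reported as not-affected.
check_tree() {
    log=$(git -C "$1" log --format=%s -F \
              --grep="$INTRODUCED" --grep="$FIXED" 2>/dev/null) || {
        echo "unknown"
        return 2
    }
    printf '%s\n' "$log" | classify_subjects
}
```

A shallow clone can hide either commit, and a tree that later reverted the introducing commit still matches its subject, so confirm the verdict against the distribution's kernel changelog.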

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
