UBUNTU-CVE-2025-38063

In the Linux kernel, the following vulnerability has been resolved: dm: fix unconditional IO throttle caused by REQPREFLUSH When a bio with REQPREFLUSH is submitted to dm, sendemptyflush generates a flushbio with REQOPWRITE | REQPREFLUSH | REQSYNC, which causes the flushbio to be throttled by...

CVE-2025-38063

The CVE-2025-38063 entry concerns a Linux kernel vulnerability in the Linux DM (device-mapper) path where a bio submitted with REQ_PREFLUSH causes an unconditional IO throttle via wbt_wait, throttling the flush_bio that includes REQ_OP_WRITE | REQ_PREFLUSH | REQ_SYNC. The root cause is throttling...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from dm unconditionally limiting IO throughput at REQPREFLUSH...

Astra Linux - уязвимость в linux-6.12

In the Linux kernel, the following vulnerability has been resolved: dm-integrity: Avoid divide by zero in table status in Inline mode In Inline mode, the journal is unused, and journalsectors is zero. Calculating the journal watermark requires dividing by journalsectors, which should be done only...

TencentOS Server 3: device-mapper-multipath (TSSA-2023:0147)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2023:0147 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

TencentOS Server 2: device-mapper-multipath (TSSA-2022:0281)

The version of Tencent Linux installed on the remote TencentOS Server 2 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2022:0281 advisory. Package updates are available for TencentOS Server 2 that fix the following vulnerabilities:...

Alibaba Cloud Linux 3 : 0185: device-mapper-multipath (ALINUX3-SA-2022:0185)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2022:0185 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2022-3787: RESERVED This candidate has been...

Alibaba Cloud Linux 3 : 0066: device-mapper-multipath (ALINUX3-SA-2023:0066)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2023:0066 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2022-41973: multipath-tools 0.7.7 through 0.9.x...

Alibaba Cloud Linux 3 : 0177: device-mapper-multipath (ALINUX3-SA-2022:0177)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2022:0177 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2022-41974: multipath-tools 0.7.0 through 0.9.x...

kernel: dm array: fix releasing a faulty array block twice in dm_array_cursor_end

In the Linux kernel, the following vulnerability has been resolved: dm array: fix releasing a faulty array block twice in dmarraycursorend When dmbmreadlock fails due to locking or checksum errors, it releases the faulty block implicitly while leaving an invalid output pointer behind. The caller ...

device-mapper-multipath bug fix and enhancement update

An update is available for device-mapper-multipath. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the...

SUSE CVE-2022-49771

In the Linux kernel, the following vulnerability has been resolved: dm ioctl: fix misbehavior if listversions races with module loading listversions will first estimate the required space using the "dmtargetiteratelistversiongetneeded, &needed" call and then will fill the space using the...

Rollbaccine : Herd Immunity against Storage Rollback Attacks in TEEs [Technical Report]

Today, users can "lift-and-shift" unmodified applications into modern, VM-based Trusted Execution Environments TEEs in order to gain hardware-based security guarantees. However, TEEs do not protect applications against disk rollback attacks, where persistent storage can be reverted to an earlier...

dm-flakey: Fix memory corruption in optional corrupt_bio_byte feature

...

DEBIAN-CVE-2023-53044

In the Linux kernel, the following vulnerability has been resolved: dm stats: check for and propagate allocpercpu failure Check allocprecpu's return value and return an error from dmstatsinit if it fails. Update allocdev to fail if dmstatsinit does. Otherwise, a NULL pointer dereference will occu...

UBUNTU-CVE-2022-49771

In the Linux kernel, the following vulnerability has been resolved: dm ioctl: fix misbehavior if listversions races with module loading listversions will first estimate the required space using the "dmtargetiteratelistversiongetneeded, &needed" call and then will fill the space using the...

DEBIAN-CVE-2022-49771

In the Linux kernel, the following vulnerability has been resolved: dm ioctl: fix misbehavior if listversions races with module loading listversions will first estimate the required space using the "dmtargetiteratelistversiongetneeded, &needed" call and then will fill the space using the...

Vulnerability of the __dm_internal_suspend() function in the drivers/md/dm.c module – The driver for supporting multiple devices (RAID and LVM) in the Linux kernel allows an attacker to compromise the confidentiality, integrity, and accessibility of protected information.

Vulnerability of the dminternalsuspend function in the drivers/md/dm.c module – The driver for supporting multiple devices RAID and LVM in the Linux kernel is vulnerable due to improper control of resource identifiers “resource injection”. Exploiting this vulnerability allows an attacker to...

PT-2025-27726

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A vulnerability in the Linux kernel has been resolved, related to the device-mapper dm and its handling of zoned devices with zone write plugs. The issue arises when the dm revalidate...

CLSA-2025-1742472545 kernel: Fix of 9 CVEs

USB: serial: ioedgeport: fix use after free in debug printk CVE-2024-50267 - HID: core: zero-initialize the report buffer CVE-2024-50302 - dm cache: fix potential out-of-bounds access on the first resume CVE-2024-50278 - dm cache: fix out-of-bounds access to the dirty bitset when resizing...