CVE-2025-68357
Lifecycle Timeline
2Description
In the Linux kernel, the following vulnerability has been resolved: iomap: allocate s_dio_done_wq for async reads as well Since commit 222f2c7c6d14 ("iomap: always run error completions in user context"), read error completions are deferred to s_dio_done_wq. This means the workqueue also needs to be allocated for async reads.
Analysis
Linux kernel iomap subsystem fails to allocate the s_dio_done_wq workqueue for asynchronous read operations, causing read error completions deferred by commit 222f2c7c6d14 to lack proper execution context and potentially leading to information disclosure or system instability. The vulnerability affects Linux kernel versions where the read error completion deferral was implemented without corresponding workqueue allocation for async reads. With an EPSS score of 0.01% and no evidence of active exploitation, this is a low-probability but correctness-critical issue affecting async I/O error handling on affected kernel versions.
Technical Context
The iomap (I/O mapping) subsystem in the Linux kernel handles direct I/O and memory-mapped I/O operations. Commit 222f2c7c6d14 introduced mandatory deferral of read error completions to a dedicated workqueue (s_dio_done_wq) to ensure error handlers run in proper user context rather than interrupt context. However, the workqueue allocation logic was conditional and only executed for write operations; async read paths were not guaranteed to have this workqueue initialized. When async read errors occur without the workqueue being allocated, error completion handlers may execute in incorrect context, potentially leading to incomplete error handling, information leaks, or kernel stability issues. The root cause is a resource allocation oversight rather than a logic flaw in error handling itself.
Affected Products
Linux kernel versions are affected from the point where commit 222f2c7c6d14 was merged through versions where the fix was not yet backported. Based on the upstream commit references provided (51297686e00f4d5d941b0f20f12b2f12879d753c, 7fd8720dff2d9c70cf5a1a13b7513af01952ec02, bfc717be833fd9ee41443fde2dea0352a7fca333, c67775cf0da2407f113c1229e350758f4dca0f51), multiple stable kernel series received backports. The vulnerability affects Linux distributions shipping affected kernel versions; specific product versions depend on distribution release dates and patch application. CPE data was not provided in the intelligence sources, preventing precise affected product enumeration. Kernel versions and distributions should be checked against the provided stable commits to determine exact impact.
Remediation
Upgrade to a Linux kernel version containing one of the upstream fixes referenced in the stable commits: 51297686e00f4d5d941b0f20f12b2f12879d753c, 7fd8720dff2d9c70cf5a1a13b7513af01952ec02, bfc717be833fd9ee41443fde2dea0352a7fca333, or c67775cf0da2407f113c1229e350758f4dca0f51. For distribution users, check your vendor's kernel security advisory for the patched kernel version in your series (e.g., RHEL, Ubuntu LTS, or Debian stable) and apply the update via your standard package management system. No workarounds are available for the underlying issue; workqueue allocation is mandatory for correct async read error handling. Prioritize patching on servers with high async I/O workloads (NVMe, high-speed storage) and distributed file systems, as these are most likely to trigger affected code paths.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today