{
  "threat_severity" : "Moderate",
  "public_date" : "2026-01-14T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: Linux kernel: Denial of Service via deadlock in block layer sysfs store callbacks",
    "id" : "2429589",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2429589"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
    "status" : "draft"
  },
  "cwe" : "CWE-833",
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nblock: Remove queue freezing from several sysfs store callbacks\nFreezing the request queue from inside sysfs store callbacks may cause a\ndeadlock in combination with the dm-multipath driver and the\nqueue_if_no_path option. Additionally, freezing the request queue slows\ndown system boot on systems where sysfs attributes are set synchronously.\nFix this by removing the blk_mq_freeze_queue() / blk_mq_unfreeze_queue()\ncalls from the store callbacks that do not strictly need these callbacks.\nAdd the __data_racy annotation to request_queue.rq_timeout to suppress\nKCSAN data race reports about the rq_timeout reads.\nThis patch may cause a small delay in applying the new settings.\nFor all the attributes affected by this patch, I/O will complete\ncorrectly whether the old or the new value of the attribute is used.\nThis patch affects the following sysfs attributes:\n* io_poll_delay\n* io_timeout\n* nomerges\n* read_ahead_kb\n* rq_affinity\nHere is an example of a deadlock triggered by running test srp/002\nif this patch is not applied:\ntask:multipathd\nCall Trace:\n<TASK>\n__schedule+0x8c1/0x1bf0\nschedule+0xdd/0x270\nschedule_preempt_disabled+0x1c/0x30\n__mutex_lock+0xb89/0x1650\nmutex_lock_nested+0x1f/0x30\ndm_table_set_restrictions+0x823/0xdf0\n__bind+0x166/0x590\ndm_swap_table+0x2a7/0x490\ndo_resume+0x1b1/0x610\ndev_suspend+0x55/0x1a0\nctl_ioctl+0x3a5/0x7e0\ndm_ctl_ioctl+0x12/0x20\n__x64_sys_ioctl+0x127/0x1a0\nx64_sys_call+0xe2b/0x17d0\ndo_syscall_64+0x96/0x3a0\nentry_SYSCALL_64_after_hwframe+0x4b/0x53\n</TASK>\ntask:(udev-worker)\nCall Trace:\n<TASK>\n__schedule+0x8c1/0x1bf0\nschedule+0xdd/0x270\nblk_mq_freeze_queue_wait+0xf2/0x140\nblk_mq_freeze_queue_nomemsave+0x23/0x30\nqueue_ra_store+0x14e/0x290\nqueue_attr_store+0x23e/0x2c0\nsysfs_kf_write+0xde/0x140\nkernfs_fop_write_iter+0x3b2/0x630\nvfs_write+0x4fd/0x1390\nksys_write+0xfd/0x230\n__x64_sys_write+0x76/0xc0\nx64_sys_call+0x276/0x17d0\ndo_syscall_64+0x96/0x3a0\nentry_SYSCALL_64_after_hwframe+0x4b/0x53\n</TASK>", "A flaw was found in the Linux kernel. A local user could exploit a vulnerability where freezing the request queue within certain sysfs store callbacks can lead to a deadlock. This issue may occur when combined with the device-mapper multipath (dm-multipath) driver and the `queue_if_no_path` option, or when sysfs attributes are set synchronously. Successful exploitation could result in a Denial of Service (DoS) by making the system unresponsive." ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2025-71117\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-71117\nhttps://lore.kernel.org/linux-cve-announce/2026011414-CVE-2025-71117-0e3e@gregkh/T" ],
  "name" : "CVE-2025-71117",
  "csaw" : false
}