CVE-2025-38063

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to the version containing commit 2def2845cc33

Description The issue is related to the Linux kernel, where an unconditional IO throttle is caused by REQ PREFLUSH. This occurs when a bio with REQ PREFLUSH is submitted to dm, generating a flush bio that is throttled by wbt wait(). The problem exists in the upstream version and is similar to an issue found in v5.4. The estimated number of potentially affected devices is not provided. There is no information about real-world incidents where this issue was exploited.

Recommendations For Linux kernel versions prior to the version containing commit 2def2845cc33, the fix involves conditionally adding REQ IDLE to flush bio.bi opf, which makes wbt should throttle() return false to avoid wbt wait(). As a temporary workaround, consider disabling the send empty flush() function until a patch is available. Restrict access to the vulnerable dm module to minimize the risk of exploitation. Avoid using the REQ PREFLUSH parameter in the affected API endpoint until the issue is resolved.