PT-2025-4345 · Linux+7 · Linux Kernel+7
Krister Johansen · Published 2025-01-21 · Updated 2025-10-03 · CVE-2025-21664
CVSS v2.0: 6.8 (Medium)
Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 6.6.74
Description
A vulnerability in the Linux kernel's dm-thin functionality has been resolved. The issue arises from the use of a non-RCU-safe list handling function in the get_first_thin() function, which can lead to a situation where the list_empty() function sees a valid list entry, but the subsequent list_first() function sees a different view of the list head state after a modification. This can cause a crash, as seen in a production box where a GP fault occurred in the process_deferred_bios path. The kernel printed warnings about a saturated refcount_t and a UBSAN error for an out-of-bounds cpuid access in the queued spinlock before the fault. The fix involves switching the get_first_thin() function to use list_first_or_null_rcu(), which performs a single READ_ONCE() and returns NULL if the list is already empty.
Recommendations
To resolve the issue, update to Linux kernel version 6.6.74 or later.
As a temporary workaround, consider disabling the get_first_thin() function until a patch is available.
Restrict access to the dm-thin module to minimize the risk of exploitation.
Avoid using the list_first() function in the affected code path until the issue is resolved.
Exploit
Fix
Out of bounds Read
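The double-read hazard from the Description, shown as an added example that is not taken from the kernel source or from this advisory: a userspace C model in which the concurrent removal is simulated by a direct call placed between the reader's loads. The struct layouts, the active_thins field and every function name below are assumptions made for the model.

```c
#include <stddef.h>
#include <stdio.h>
/* Userspace model of a kernel-style circular list; illustrative, not kernel code. */
struct list_head { struct list_head *next, *prev; };
#define READ_ONCE(x) (*(struct list_head *volatile *)&(x)) /* pointer fields only */
#define container_of(p, type, member) ((type *)((char *)(p) - offsetof(type, member)))
struct thin { int id; struct list_head list; };             /* assumed per-device object */
struct pool { long guard; struct list_head active_thins; }; /* assumed list owner */
static struct pool g_pool; static struct thin g_thin;

/* Simulates a concurrent writer unlinking the last entry inside the race window. */
static void writer_unlinks_last(void)
{
    g_thin.list.prev->next = g_thin.list.next;
    g_thin.list.next->prev = g_thin.list.prev;
}

/* Pre-fix pattern: the emptiness check and the fetch each load head->next. */
static struct thin *first_thin_two_reads(struct pool *p)
{
    struct list_head *h = &p->active_thins;
    if (READ_ONCE(h->next) == h)   /* load 1: list looks non-empty */
        return NULL;
    writer_unlinks_last();         /* race window */
    return container_of(READ_ONCE(h->next), struct thin, list); /* load 2: the head */
}

/* Post-fix pattern: one load, the way list_first_or_null_rcu() works. */
static struct thin *first_thin_one_read(struct pool *p)
{
    struct list_head *h = &p->active_thins;
    struct list_head *n = READ_ONCE(h->next);  /* the only load */
    writer_unlinks_last();         /* same race window */
    return n != h ? container_of(n, struct thin, list) : NULL;
}
static void setup(void)  /* pool holding exactly one thin */
{
    g_pool.active_thins.next = g_pool.active_thins.prev = &g_thin.list;
    g_thin.list.next = g_thin.list.prev = &g_pool.active_thins;
}
/* Each returns 1 when the behaviour named in the function holds. */
int two_reads_alias_head(void) { setup(); return &first_thin_two_reads(&g_pool)->list == &g_pool.active_thins; }
int one_read_real_entry(void) { setup(); return first_thin_one_read(&g_pool) == &g_thin; }
int one_read_empty_null(void) { setup(); writer_unlinks_last(); return first_thin_one_read(&g_pool) == NULL; }

int main(void)
{
    printf("%d %d %d\n", two_reads_alias_head(), one_read_real_entry(), one_read_empty_null());
    return 0;
}
```

In the two-load version the returned pointer is computed from the pool's own list head, so any field access through it reads pool memory as if it were a thin object. The single-load version returns either the entry it actually observed or NULL.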
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Astra Linux
Debian
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu