CVE-2025-71225

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contains a flaw in the raid1 reshape() function related to managing RAID arrays via sysfs. Specifically, the issue arises from calling freeze array() before and after modifications to the raid disks and r1bio memory pool. If an I/O error occurs during this process, the freeze array() function might unblock prematurely, leading to out-of-bounds memory access in free r1bio() and potential issues with the mempool due to incorrect memory release. Suspending the array during the update process prevents this condition. Updating raid disks via the ioctl SET ARRAY INFO already suspends the array, so this change extends the suspension to updates via sysfs. The vulnerable function is raid1 reshape().

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.