GHSA-72w6-32c7-vf7pMediumCVSS 5.5
In the Linux kernel, the following vulnerability has been resolved: ublk: fix deadlock when...
🔗 CVE IDs covered (1)
📋 Description
In the Linux kernel, the following vulnerability has been resolved:
ublk: fix deadlock when reading partition table
When one process(such as udev) opens ublk block device (e.g., to read the partition table via bdev_open()), a deadlock[1] can occur:
- bdev_open() grabs disk->open_mutex
- The process issues read I/O to ublk backend to read partition table
- In __ublk_complete_rq(), blk_update_request() or blk_mq_end_request() runs bio->bi_end_io() callbacks
- If this triggers fput() on file descriptor of ublk block device, the work may be deferred to current task's task work (see fput() implementation)
- This eventually calls blkdev_release() from the same context
- blkdev_release() tries to grab disk->open_mutex again
- Deadlock: same task waiting for a mutex it already holds
The fix is to run blk_update_request() and blk_mq_end_request() with bottom halves disabled. This forces blkdev_release() to run in kernel work-queue context instead of current task work context, and allows ublk server to make forward progress, and avoids the deadlock.
[axboe: rewrite comment in ublk]
🔗 References (7)
- https://nvd.nist.gov/vuln/detail/CVE-2025-68823
- https://git.kernel.org/stable/c/0460e09a614291f06c008443f47393c37b7358e7
- https://git.kernel.org/stable/c/c258f5c4502c9667bccf5d76fa731ab9c96687c1
- https://git.kernel.org/stable/c/64c0b7e2293757e8320f13434cd809f1c9257a62
- https://git.kernel.org/stable/c/9bcc47343ee0ef346aa7b2b460c8ff56bd882fe7
- https://git.kernel.org/stable/c/27bb79b7717b2fbb111a1c13548b2786ee712dca
- https://github.com/advisories/GHSA-72w6-32c7-vf7p