CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2025-37978: block: integrity: Do not call set_page_dirty_lock()

Description

In the Linux kernel, the following vulnerability has been resolved:

block: integrity: Do not call set_page_dirty_lock()

Placing multiple protection information buffers inside the same page
can lead to oopses because set_page_dirty_lock() can't be called from
interrupt context.

Since a protection information buffer is not backed by a file there is
no point in setting its page dirty, there is nothing to synchronize.
Drop the call to set_page_dirty_lock() and remove the last argument to
bio_integrity_unpin_bvec().

Classification

CVE ID: CVE-2025-37978

Affected Products

Vendor: Linux

Product: Linux

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.02% (probability of being exploited)

EPSS Percentile: 4.26% (scored less or equal to compared to others)

EPSS Date: 2025-06-18 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-37978
https://git.kernel.org/stable/c/c38a005e6efb9ddfa06bd8353b82379d6fd5d6c4
https://git.kernel.org/stable/c/9487fc1a10b3aa89feb24e7cedeccaaf63074617
https://git.kernel.org/stable/c/39e160505198ff8c158f11bce2ba19809a756e8b

Timeline

2025-05-20 17:40:22 UTC
CVE

block: integrity: Do not call set_page_dirty_lock()