| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 5.0 | $0-$5k | 0.00 |
Summary
A vulnerability categorized as critical has been discovered in Linux Kernel up to 6.18.2. This affects the function blk_mq_freeze_queue. Such manipulation leads to deadlock.
This vulnerability is referenced as CVE-2025-71117. No exploit is available.
It is advisable to upgrade the affected component.
Details
A vulnerability was found in Linux Kernel up to 6.18.2. It has been rated as critical. Affected by this issue is the function blk_mq_freeze_queue. The manipulation with an unknown input leads to a deadlock vulnerability. Using CWE to declare the problem leads to CWE-833. The product contains multiple threads or executable segments that are waiting for each other to release a necessary lock, resulting in deadlock. Impacted is availability. CVE summarizes:
In the Linux kernel, the following vulnerability has been resolved: block: Remove queue freezing from several sysfs store callbacks Freezing the request queue from inside sysfs store callbacks may cause a deadlock in combination with the dm-multipath driver and the queue_if_no_path option. Additionally, freezing the request queue slows down system boot on systems where sysfs attributes are set synchronously. Fix this by removing the blk_mq_freeze_queue() / blk_mq_unfreeze_queue() calls from the store callbacks that do not strictly need these callbacks. Add the __data_racy annotation to request_queue.rq_timeout to suppress KCSAN data race reports about the rq_timeout reads. This patch may cause a small delay in applying the new settings. For all the attributes affected by this patch, I/O will complete correctly whether the old or the new value of the attribute is used. This patch affects the following sysfs attributes: * io_poll_delay * io_timeout * nomerges * read_ahead_kb * rq_affinity Here is an example of a deadlock triggered by running test srp/002 if this patch is not applied: task:multipathd Call Trace: <TASK> __schedule+0x8c1/0x1bf0 schedule+0xdd/0x270 schedule_preempt_disabled+0x1c/0x30 __mutex_lock+0xb89/0x1650 mutex_lock_nested+0x1f/0x30 dm_table_set_restrictions+0x823/0xdf0 __bind+0x166/0x590 dm_swap_table+0x2a7/0x490 do_resume+0x1b1/0x610 dev_suspend+0x55/0x1a0 ctl_ioctl+0x3a5/0x7e0 dm_ctl_ioctl+0x12/0x20 __x64_sys_ioctl+0x127/0x1a0 x64_sys_call+0xe2b/0x17d0 do_syscall_64+0x96/0x3a0 entry_SYSCALL_64_after_hwframe+0x4b/0x53 </TASK> task:(udev-worker) Call Trace: <TASK> __schedule+0x8c1/0x1bf0 schedule+0xdd/0x270 blk_mq_freeze_queue_wait+0xf2/0x140 blk_mq_freeze_queue_nomemsave+0x23/0x30 queue_ra_store+0x14e/0x290 queue_attr_store+0x23e/0x2c0 sysfs_kf_write+0xde/0x140 kernfs_fop_write_iter+0x3b2/0x630 vfs_write+0x4fd/0x1390 ksys_write+0xfd/0x230 __x64_sys_write+0x76/0xc0 x64_sys_call+0x276/0x17d0 do_syscall_64+0x96/0x3a0 entry_SYSCALL_64_after_hwframe+0x4b/0x53 </TASK>
The advisory is available at git.kernel.org. This vulnerability is handled as CVE-2025-71117 since 01/13/2026. The exploitation is known to be difficult. Technical details are known, but there is no available exploit.
The vulnerability scanner Nessus provides a plugin with the ID 307549 (Ubuntu 24.04 LTS / 25.10 : Linux kernel (GCP) vulnerabilities (USN-8183-1)), which helps to determine the existence of the flaw in a target environment.
Upgrading to version 6.18.3 or 6.19-rc1 eliminates this vulnerability. Applying the patch 3997b3147c7b68b0308378fa95a766015f8ceb1c/935a20d1bebf6236076785fac3ff81e3931834e9 is able to eliminate this problem. The bugfix is ready for download at git.kernel.org. The best possible mitigation is suggested to be upgrading to the latest version.
The vulnerability is also documented in the databases at Tenable (307549) and CERT Bund (WID-SEC-2026-0119). If you want to get best quality of vulnerability data, you may have to visit VulDB.
Affected
- Debian Linux
- Amazon Linux 2
- SUSE Linux
- Oracle Linux
- SUSE openSUSE
- Open Source Linux Kernel
Product
Type
Vendor
Name
Version
License
Website
- Vendor: https://www.kernel.org/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔒VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 5.1VulDB Meta Temp Score: 5.0
VulDB Base Score: 4.8
VulDB Temp Score: 4.6
VulDB Vector: 🔒
VulDB Reliability: 🔍
NVD Base Score: 5.5
NVD Vector: 🔒
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔒
VulDB Temp Score: 🔒
VulDB Reliability: 🔍
Exploiting
Class: DeadlockCWE: CWE-833 / CWE-404
CAPEC: 🔒
ATT&CK: 🔒
Physical: Partially
Local: Yes
Remote: Partially
Availability: 🔒
Status: Not defined
EPSS Score: 🔒
EPSS Percentile: 🔒
Price Prediction: 🔍
Current Price Estimation: 🔒
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 307549
Nessus Name: Ubuntu 24.04 LTS / 25.10 : Linux kernel (GCP) vulnerabilities (USN-8183-1)
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔒
Upgrade: Kernel 6.18.3/6.19-rc1
Patch: 3997b3147c7b68b0308378fa95a766015f8ceb1c/935a20d1bebf6236076785fac3ff81e3931834e9
Timeline
01/13/2026 CVE reserved01/14/2026 Advisory disclosed
01/14/2026 VulDB entry created
04/21/2026 VulDB entry last update
Sources
Vendor: kernel.orgAdvisory: git.kernel.org
Status: Confirmed
CVE: CVE-2025-71117 (🔒)
GCVE (CVE): GCVE-0-2025-71117
GCVE (VulDB): GCVE-100-341090
CERT Bund: WID-SEC-2026-0119 - Linux Kernel: Mehrere Schwachstellen
Entry
Created: 01/14/2026 17:48Updated: 04/21/2026 04:57
Changes: 01/14/2026 17:48 (58), 01/16/2026 05:08 (7), 03/09/2026 05:29 (1), 03/25/2026 22:03 (12), 04/21/2026 04:57 (2)
Complete: 🔍
Cache ID: 216::103
If you want to get best quality of vulnerability data, you may have to visit VulDB.

No comments yet. Languages: en.
Please log in to comment.