{"id":66891,"date":"2025-07-28T17:33:36","date_gmt":"2025-07-28T14:03:36","guid":{"rendered":"https:\/\/afaghhosting.net\/blog\/cve-2025-38496-qemu-dm-bufio-preemption-vulnerability\/"},"modified":"2025-07-28T17:33:36","modified_gmt":"2025-07-28T14:03:36","slug":"cve-2025-38496-qemu-dm-bufio-preemption-vulnerability","status":"publish","type":"post","link":"https:\/\/afaghhosting.net\/blog\/cve-2025-38496-qemu-dm-bufio-preemption-vulnerability\/","title":{"rendered":"CVE-2025-38496 &#8211; QEMU dm-bufio Preemption Vulnerability"},"content":{"rendered":"<p><strong>CVE ID : <\/strong>CVE-2025-38496<br \/>\n<br \/>\n<strong>Published : <\/strong> July 28, 2025, 12:15 p.m.<br \/>\n<br \/>\n<strong>Description : <\/strong>In the Linux kernel, the following vulnerability has been resolved:<\/p>\n<p>dm-bufio: fix sched in atomic context<\/p>\n<p>If &#8220;try_verify_in_tasklet&#8221; is set for dm-verity, DM_BUFIO_CLIENT_NO_SLEEP<br \/>\nis enabled for dm-bufio. 
However, when bufio tries to evict buffers, there<br \/>\nis a chance to trigger scheduling in spin_lock_bh, the following warning<br \/>\nis hit:<\/p>\n<p>BUG: sleeping function called from invalid context at drivers\/md\/dm-bufio.c:2745<br \/>\nin_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 123, name: kworker\/2:2<br \/>\npreempt_count: 201, expected: 0<br \/>\nRCU nest depth: 0, expected: 0<br \/>\n4 locks held by kworker\/2:2\/123:<br \/>\n #0: ffff88800a2d1548 ((wq_completion)dm_bufio_cache){....}-{0:0}, at: process_one_work+0xe46\/0x1970<br \/>\n #1: ffffc90000d97d20 ((work_completion)(&amp;dm_bufio_replacement_work)){....}-{0:0}, at: process_one_work+0x763\/0x1970<br \/>\n #2: ffffffff8555b528 (dm_bufio_clients_lock){....}-{3:3}, at: do_global_cleanup+0x1ce\/0x710<br \/>\n #3: ffff88801d5820b8 (&amp;c-&gt;spinlock){....}-{2:2}, at: do_global_cleanup+0x2a5\/0x710<br \/>\nPreemption disabled at:<br \/>\n[] 0x0<br \/>\nCPU: 2 UID: 0 PID: 123 Comm: kworker\/2:2 Not tainted 6.16.0-rc3-g90548c634bd0 #305 PREEMPT(voluntary)<br \/>\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04\/01\/2014<br \/>\nWorkqueue: dm_bufio_cache do_global_cleanup<br \/>\nCall Trace:<\/p>\n<p> dump_stack_lvl+0x53\/0x70<br \/>\n __might_resched+0x360\/0x4e0<br \/>\n do_global_cleanup+0x2f5\/0x710<br \/>\n process_one_work+0x7db\/0x1970<br \/>\n worker_thread+0x518\/0xea0<br \/>\n kthread+0x359\/0x690<br \/>\n ret_from_fork+0xf3\/0x1b0<br \/>\n ret_from_fork_asm+0x1a\/0x30<\/p>\n<p>That can be reproduced by:<\/p>\n<p>  veritysetup format --data-block-size=4096 --hash-block-size=4096 \/dev\/vda \/dev\/vdb<br \/>\n  SIZE=$(blockdev --getsz \/dev\/vda)<br \/>\n  dmsetup create myverity -r --table &quot;0 $SIZE verity 1 \/dev\/vda \/dev\/vdb 4096 4096  1 sha256   1 try_verify_in_tasklet&quot;<br \/>\n  mount \/dev\/dm-0 \/mnt -o ro<br \/>\n  echo 102400 &gt; 
\/sys\/module\/dm_bufio\/parameters\/max_cache_size_bytes<br \/>\n  [read files in \/mnt]\n<br \/>\n<strong>Severity:<\/strong> 0.0 | NA<\/p>\n","protected":false},"excerpt":{"rendered":"<p>CVE ID : CVE-2025-38496 Published : July 28, 2025, 12:15 p.m. Description : In the Linux kernel, the following vulnerability has been resolved: dm-bufio: fix sched in atomic context If &#8220;try_verify_in_tasklet&#8221; is set for dm-verity, DM_BUFIO_CLIENT_NO_SLEEP is enabled for dm-bufio. However, when bufio tries to evict buffers, there is a chance &hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-66891","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/66891","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=66891"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/66891\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=66891"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=66891"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=66891"}
],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}