Linux Kernel Vulnerability in IO Throttling Mechanism
CVE-2025-38063

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 18 June 2025

What is CVE-2025-38063?

The identified flaw in the Linux kernel's IO throttling mechanism involves the management of flush_bio requests generated during metadata operations. A misconfiguration with REQ_PREFLUSH led to unintended throttling of metadata bio submissions, particularly during high load scenarios. This vulnerability can lead to performance degradation by causing unnecessary delays in processing critical file operations. The fix ensures that flush_bio is conditionally updated, preventing wbt_wait from triggering under normal circumstances, thus improving operational efficiency.

Affected Version(s)

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 95d08924335f3b6f4ea0b92ebfe4fe0731c502d9

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 52aa28f7b1708d76e315d78b5ed397932a1a97c3

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

References

https://git.kernel.org/stable/c/95d08924335f3b6f4ea0b92eb...

https://git.kernel.org/stable/c/52aa28f7b1708d76e315d78b5...

https://git.kernel.org/stable/c/b55a97d1bd4083729a60d19be...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 18, 2025
Vulnerability Reserved
Apr 16, 2025