CVE-2025-39791
Linux Kernel vulnerability analysis and mitigation

Overview

A vulnerability in the Linux kernel's dm-crypt subsystem was discovered and documented as CVE-2025-39791. The issue affects the handling of write operations in zoned dm-crypt targets, where splitting write BIOs can lead to deadlocks and file system data corruption. This vulnerability was disclosed on September 11, 2025 (NVD).

Technical details

The vulnerability stems from how dm-crypt handles BIO splitting in zoned targets. When processing write operations larger than the dm-crypt internal limits (default 128 KB), dm-crypt attempts to split these operations, which can cause two critical issues: 1) potential deadlocks during queue freeze operations due to improper handling of remainder BIOs, and 2) incorrect sector reporting for zone append operations, leading to file system data corruption in xfs or btrfs. The issue specifically affects the write path of dm-crypt when dealing with zoned targets (NVD).

Impact

The vulnerability can result in system deadlocks and file system data corruption, particularly affecting xfs and btrfs file systems when using zoned dm-crypt targets. The impact is limited to the write path of zoned dm-crypt targets and does not affect regular dm-crypt block devices or read path operations (NVD).

Mitigation and workarounds

The vulnerability has been addressed through modifications to the get_max_request_size() function, which has been renamed to get_max_request_sectors(). The fix ensures that write BIOs are not split by setting the dm-crypt device max_hw_sectors limit to at most BIO_MAX_VECS << PAGE_SECTORS_SHIFT (1 MB with a 4KB page architecture). This change forces DM core to split write BIOs before they reach crypt_map(), ensuring proper handling without affecting performance (NVD).
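
Because only zoned dm-crypt targets are affected, a host can be scoped by listing dm-crypt mappings whose queue reports a zoned model. The script below is an added example, not code from the kernel fix or from NVD. It assumes crypt mappings carry the "CRYPT-" DM UUID prefix that cryptsetup assigns, and the function name and SYSFS_ROOT variable are illustrative.

```shell
#!/bin/sh
# Added example: list dm-crypt devices that sit on a zoned block device.
# Assumption: crypt targets are recognised by the "CRYPT-" DM UUID prefix set
# by cryptsetup; mappings created with raw dmsetup and no UUID are missed
# (check those with `dmsetup table --target crypt`).

# zoned_crypt_devices SYSFS_ROOT
# Prints one line per match: "<dm-name> <zoned-model> <max_hw_sectors_kb>"
zoned_crypt_devices() {
    root=${1:-/sys}
    for dev in "$root"/block/dm-*; do
        # Skip the literal pattern when the glob matched nothing.
        if [ ! -d "$dev" ]; then continue; fi

        uuid=$(cat "$dev/dm/uuid" 2>/dev/null || true)
        case $uuid in
            CRYPT-*) ;;          # dm-crypt mapping, keep going
            *) continue ;;       # some other device-mapper target
        esac

        # "none" means a regular block device, which the issue does not affect.
        model=$(cat "$dev/queue/zoned" 2>/dev/null || echo none)
        if [ "$model" = "none" ]; then continue; fi

        # With the fix, this limit is at most 1024 KB on 4 KB-page systems.
        # A larger value means the cap is absent; a smaller one is
        # inconclusive, since the underlying device may impose it.
        max_kb=$(cat "$dev/queue/max_hw_sectors_kb" 2>/dev/null || echo unknown)

        echo "${dev##*/} $model $max_kb"
    done
    return 0
}

# Scan the live system unless SYSFS_ROOT points at another tree.
zoned_crypt_devices "${SYSFS_ROOT:-/sys}"
```

An empty result means no cryptsetup-created mapping on this host sits on a zoned device.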

This report was generated using AI.

Related Linux Kernel vulnerabilities:

| CVE ID | Severity | Score | Technologies | Component name | CISA KEV exploit | Has fix | Published date |
|---|---|---|---|---|---|---|---|
| CVE-2025-40300 | N/A | N/A | Linux Kernel | kernel-64k-debug-modules-internal | No | No | Sep 11, 2025 |
| CVE-2025-39791 | N/A | N/A | Linux Kernel | kernel-64k | No | No | Sep 11, 2025 |
| CVE-2025-39790 | N/A | N/A | Linux Kernel | kernel-zfcpdump | No | No | Sep 11, 2025 |
| CVE-2025-39784 | N/A | N/A | Linux Kernel | kernel-zfcpdump-modules-partner | No | No | Sep 11, 2025 |
| CVE-2025-39782 | N/A | N/A | Linux Kernel | kernel-rt-64k | No | No | Sep 11, 2025 |