CVE-2025-39791: 
Linux Kernel vulnerability analysis and mitigation

CVE-2025-39791 was disclosed on September 11, 2025, affecting the Linux kernel's dm-crypt subsystem. The vulnerability relates to how dm-crypt handles write BIOs (Block I/O operations) with zoned targets. The issue specifically involves the improper handling of BIO splitting operations that were intended to improve processing time of large BIOs through parallelization (NVD).

The vulnerability stems from dm-crypt's handling of BIO operations where read and write operations may be split according to internal limits defined by maxreadsize and maxwritesize module parameters (default 128 KB). While this splitting was designed to improve performance through CPU parallelization, for zoned dm-crypt targets, the splitting occurs without parallel execution to maintain sequential write operations. This leads to issues with zone write plugging and incorrect handling of zone append operations (NVD).

The vulnerability can result in two major issues: First, it can cause deadlocks when reminder BIOs are re-issued and plugged again during queue freeze operations. Second, it can lead to file system data corruptions in xfs or btrfs when processing zone append operations, due to incorrect written sector values being returned to the zone append issuer (NVD).

The fix involves modifying getmaxrequestsize() to always return the size of the BIO to prevent splitting with dmacceptpartialbio() in cryptmap(). Additionally, the dm-crypt device maxhwsectors limit is set to be at most BIOMAXVECS << PAGESECTORSSHIFT (1 MB with a 4KB page architecture). This ensures DM core splits write BIOs before passing them to cryptmap() (NVD).