CVE-2025-37978

block: integrity: Do not call set_page_dirty_lock()

Description

In the Linux kernel, the following vulnerability has been resolved: block: integrity: Do not call set_page_dirty_lock() Placing multiple protection information buffers inside the same page can lead to oopses because set_page_dirty_lock() can't be called from interrupt context. Since a protection information buffer is not backed by a file there is no point in setting its page dirty, there is nothing to synchronize. Drop the call to set_page_dirty_lock() and remove the last argument to bio_integrity_unpin_bvec().

N/A

CVSS

Severity:

EPSS 0.02%

Affected: Linux Linux

References

Link	Tags
https://git.kernel.org/stable/c/c38a005e6efb9ddfa06bd8353b82379d6fd5d6c4
https://git.kernel.org/stable/c/9487fc1a10b3aa89feb24e7cedeccaaf63074617
https://git.kernel.org/stable/c/39e160505198ff8c158f11bce2ba19809a756e8b

Frequently Asked Questions

What is the severity of CVE-2025-37978?: CVE-2025-37978 has not yet been assigned a CVSS score.
How to fix CVE-2025-37978?: To fix CVE-2025-37978, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2025-37978 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2025-37978 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2025-37978?: CVE-2025-37978 affects Linux Linux, Linux Linux.

This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.