Impact
The Linux kernel’s dm‑cache module contains a flaw in its invalidate_remove() routine: an overwrite bio is set up but discarded before submission during cache invalidation, causing write requests in passthrough mode to stall indefinitely. The issue does not compromise data confidentiality or integrity; it only disrupts availability by hanging write operations.
Affected Systems
Linux kernel releases that ship the dm‑cache driver without the recent commit adding invalidate_committed() and correcting error handling are vulnerable. Because the advisory does not list specific kernel versions, any unpatched kernel that includes the dm‑cache module and the historic write‑hang bug should be considered at risk.
Risk and Exploitability
With a CVSS score of 5.5 and an EPSS score of < 1 %, the likelihood of exploitation is low, and the vulnerability is not listed in the CISA KEV catalog. The attack vector appears to require local access to trigger write commands on a device using dm‑cache passthrough mode, leading to a denial‑of‑service condition by stalling write operations.
OpenCVE Enrichment
Debian DLA