Impact
A flaw in the Linux kernel’s ublk driver, associated with improper handling of I/O cancellation (CWE‑821), causes the per‑IO canceled flag to remain set when the server dies before all fetch commands are issued. The flag is only cleared after the entire queue is fetched; thus any subset of pending fetches is left without cancellation. Consequently, outstanding io_uring commands never complete, which can lock the block device and lead to system‑wide I/O stalls, effectively denying service.
Affected Systems
All Linux kernel systems that employ the ublk (user‑space block) subsystem are affected. The advisory does not specify a particular kernel version range, so any instance running the unpatched ublk module could be vulnerable.
Risk and Exploitability
The CVSS score of 5.5 and an EPSS score of < 1% indicate a low exploitation probability. The vulnerability is not listed in the CISA KEV catalog, meaning no known public exploitation. The bug will manifest if a ublk server terminates or crashes while fetching only a subset of queued I/Os. An attacker with local control over the server could induce a crash, causing the device to hang and resources to be exhausted, which poses an availability risk for the host and any clients attached to the affected block device.
OpenCVE Enrichment