HOMEVULNERABILITIESCVE-2025-71225
NONE

CVE-2025-71225

Published: February 18, 2026· Updated: Feb 18, 2026

EPSS:0.02%probability of exploitation in 30 daysPercentile:3.7th

Official Description

In the Linux kernel, the following vulnerability has been resolved:

md: suspend array while updating raid_disks via sysfs

In raid1_reshape(), freeze_array() is called before modifying the r1bio

memory pool (conf->r1bio_pool) and conf->raid_disks, and

unfreeze_array() is called after the update is completed.

However, freeze_array() only waits until nr_sync_pending and

(nr_pending - nr_queued) of all buckets reaches zero. When an I/O error

occurs, nr_queued is increased and the corresponding r1bio is queued to

either retry_list or bio_end_io_list. As a result, freeze_array() may

unblock before these r1bios are released.

This can lead to a situation where conf->raid_disks and the mempool have

already been updated while queued r1bios, allocated with the old

raid_disks value, are later released. Consequently, free_r1bio() may

access memory out of bounds in put_all_bios() and release r1bios of the

wrong size to the new mempool, potentially causing issues with the

mempool as well.

Since only normal I/O might increase nr_queued while an I/O error occurs,

suspending the array avoids this issue.

Note: Updating raid_disks via ioctl SET_ARRAY_INFO already suspends

the array. Therefore, we suspend the array when updating raid_disks

via sysfs to avoid this issue too.

NVD Source

Technical Analysis

CVE-2025-71225 requires local access, meaning attackers must already have a foothold on the target system.

Exploitation requires some privileges, which limits the exposure to scenarios where an attacker has already gained initial access.

Affected Vendors & Products

Mentioned vendors (from description):
Linux
CPE data not yet available in NVD for this CVE.

Exploit & PoC Resources

NO KNOWN EXPLOITNo public exploit confirmed at this time
External links open in a new tab. Always verify in a controlled environment before use.

All References (3)

Quick Facts

CVE IDCVE-2025-71225
SeverityNONE
CISA KEVNo
EPSS (30d)0.02%
PublishedFeb 18, 2026

Recommended Actions

  • Apply vendor patches immediately
  • Monitor CVE-2025-71225 in threat intel feeds
  • Review IDS/IPS signatures for exploitation attempts
Data sourced from NVD (NIST), CISA KEV, and EPSS (FIRST). Analysis generated by CTIWATCH.COM. CVE data is provided under the NVD usage policy.