CVE-2025-68202
- Source
- https://cve.org/CVERecord?id=CVE-2025-68202
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-68202.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-68202
- Downstream
- Published
- 2025-12-16T13:48:30.376Z
- Modified
- 2025-12-16T19:34:03.489334Z
- Summary
- sched_ext: Fix unsafe locking in the scx_dump_state()
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
schedext: Fix unsafe locking in the scxdump_state()
For built with CONFIGPREEMPTRT=y kernels, the dump_lock will be converted sleepable spinlock and not disable-irq, so the following scenarios occur:
inconsistent {IN-HARDIRQ-W} -> {HARDIRQ-ON-W} usage. irq_work/0/27 [HC0[0]:SC0[0]:HE1:SE1] takes: (&rq->__lock){?...}-{2:2}, at: rawspinrqlocknested+0x2b/0x40 {IN-HARDIRQ-W} state was registered at: lockacquire+0x1e1/0x510 rawspinlocknested+0x42/0x80 rawspinrqlocknested+0x2b/0x40 schedtick+0xae/0x7b0 updateprocesstimes+0x14c/0x1b0 tickperiodic+0x62/0x1f0 tickhandleperiodic+0x48/0xf0 timerinterrupt+0x55/0x80 __handleirqeventpercpu+0x20a/0x5c0 handleirqeventpercpu+0x18/0xc0 handleirqevent+0xb5/0x150 handlelevelirq+0x220/0x460 __commoninterrupt+0xa2/0x1e0 commoninterrupt+0xb0/0xd0 asmcommoninterrupt+0x2b/0x40 rawspinunlockirqrestore+0x45/0x80 _setupirq+0xc34/0x1a30 requestthreadedirq+0x214/0x2f0 hpettimeinit+0x3e/0x60 x86latetimeinit+0x5b/0xb0 startkernel+0x308/0x410 x8664startreservations+0x1c/0x30 x8664startkernel+0x96/0xa0 commonstartup64+0x13e/0x148
other info that might help us debug this: Possible unsafe locking scenario:
CPU0 ----lock(&rq->__lock); <Interrupt> lock(&rq->__lock);
*** DEADLOCK ***
stack backtrace: CPU: 0 UID: 0 PID: 27 Comm: irqwork/0 Call Trace: <TASK> dumpstacklvl+0x8c/0xd0 dumpstack+0x14/0x20 printusagebug+0x42e/0x690 mark_lock.part.44+0x867/0xa70 ? __pfxmarklock.part.44+0x10/0x10 ? string_nocheck+0x19c/0x310 ? number+0x739/0x9f0 ? __pfxstringnocheck+0x10/0x10 ? __pfxcheckpointer+0x10/0x10 ? kvmschedclock_read+0x15/0x30 ? schedclocknoinstr+0xd/0x20 ? localclocknoinstr+0x1c/0xe0 __lock_acquire+0xc4b/0x62b0 ? __pfxformatdecode+0x10/0x10 ? __pfxstring+0x10/0x10 ? pfxlock_acquire+0x10/0x10 ? __pfxvsnprintf+0x10/0x10 lockacquire+0x1e1/0x510 ? rawspinrqlocknested+0x2b/0x40 ? __pfxlockacquire+0x10/0x10 ? dumpline+0x12e/0x270 ? rawspinrqlocknested+0x20/0x40 rawspinlocknested+0x42/0x80 ? rawspinrqlocknested+0x2b/0x40 rawspinrqlocknested+0x2b/0x40 scxdumpstate+0x3b3/0x1270 ? finishtaskswitch+0x27e/0x840 scxopserrorirqworkfn+0x67/0x80 irqworksingle+0x113/0x260 irqworkrunlist.part.3+0x44/0x70 runirqworkd+0x6b/0x90 ? __pfxrunirqworkd+0x10/0x10 smpbootthread_fn+0x529/0x870 ? __pfxsmpbootthread_fn+0x10/0x10 kthread+0x305/0x3f0 ? __pfxkthread+0x10/0x10 retfrom_fork+0x40/0x70 ? __pfxkthread+0x10/0x10 retfromforkasm+0x1a/0x30 </TASK>
This commit therefore use rqlockirqsave/irqrestore() to replace rqlock/unlock() in the scxdump_state().
- Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/68xxx/CVE-2025-68202.json", "cna_assigner": "Linux" }- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/13d1c96d3a9f208bc1aa8642f6362dca25a157d2
- https://git.kernel.org/stable/c/5f02151c411dda46efcc5dc57b0845efcdcfc26d
- https://git.kernel.org/stable/c/b6109750063d3b9aca1c57031213ac5485a06c54
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/68xxx/CVE-2025-68202.json
- https://nvd.nist.gov/vuln/detail/CVE-2025-68202
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced07814a9439a3b03d79a1001614b5bc1cab69bcecFixed13d1c96d3a9f208bc1aa8642f6362dca25a157d2Fixedb6109750063d3b9aca1c57031213ac5485a06c54Fixed5f02151c411dda46efcc5dc57b0845efcdcfc26d