CVE-2025-68202

Source
https://cve.org/CVERecord?id=CVE-2025-68202
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-68202.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-68202
Published
2025-12-16T13:48:30.376Z
Modified
2026-01-14T18:42:44.040669Z
Summary
sched_ext: Fix unsafe locking in the scx_dump_state()
Details

In the Linux kernel, the following vulnerability has been resolved:

sched_ext: Fix unsafe locking in the scx_dump_state()

For kernels built with CONFIG_PREEMPT_RT=y, the dump_lock will be converted to a sleepable spinlock and does not disable IRQs, so the following scenarios occur:

    inconsistent {IN-HARDIRQ-W} -> {HARDIRQ-ON-W} usage.
    irq_work/0/27 [HC0[0]:SC0[0]:HE1:SE1] takes:
    (&rq->__lock){?...}-{2:2}, at: raw_spin_rq_lock_nested+0x2b/0x40
    {IN-HARDIRQ-W} state was registered at:
      lock_acquire+0x1e1/0x510
      _raw_spin_lock_nested+0x42/0x80
      raw_spin_rq_lock_nested+0x2b/0x40
      sched_tick+0xae/0x7b0
      update_process_times+0x14c/0x1b0
      tick_periodic+0x62/0x1f0
      tick_handle_periodic+0x48/0xf0
      timer_interrupt+0x55/0x80
      __handle_irq_event_percpu+0x20a/0x5c0
      handle_irq_event_percpu+0x18/0xc0
      handle_irq_event+0xb5/0x150
      handle_level_irq+0x220/0x460
      __common_interrupt+0xa2/0x1e0
      common_interrupt+0xb0/0xd0
      asm_common_interrupt+0x2b/0x40
      _raw_spin_unlock_irqrestore+0x45/0x80
      __setup_irq+0xc34/0x1a30
      request_threaded_irq+0x214/0x2f0
      hpet_time_init+0x3e/0x60
      x86_late_time_init+0x5b/0xb0
      start_kernel+0x308/0x410
      x86_64_start_reservations+0x1c/0x30
      x86_64_start_kernel+0x96/0xa0
      common_startup_64+0x13e/0x148

    other info that might help us debug this:
    Possible unsafe locking scenario:

          CPU0
          ----
     lock(&rq->__lock);
     <Interrupt>
       lock(&rq->__lock);

     *** DEADLOCK ***

    stack backtrace:
    CPU: 0 UID: 0 PID: 27 Comm: irq_work/0
    Call Trace:
     <TASK>
     dump_stack_lvl+0x8c/0xd0
     dump_stack+0x14/0x20
     print_usage_bug+0x42e/0x690
     mark_lock.part.44+0x867/0xa70
     ? __pfx_mark_lock.part.44+0x10/0x10
     ? string_nocheck+0x19c/0x310
     ? number+0x739/0x9f0
     ? __pfx_string_nocheck+0x10/0x10
     ? __pfx_check_pointer+0x10/0x10
     ? kvm_sched_clock_read+0x15/0x30
     ? sched_clock_noinstr+0xd/0x20
     ? local_clock_noinstr+0x1c/0xe0
     __lock_acquire+0xc4b/0x62b0
     ? __pfx_format_decode+0x10/0x10
     ? __pfx_string+0x10/0x10
     ? __pfx_lock_acquire+0x10/0x10
     ? __pfx_vsnprintf+0x10/0x10
     lock_acquire+0x1e1/0x510
     ? raw_spin_rq_lock_nested+0x2b/0x40
     ? __pfx_lock_acquire+0x10/0x10
     ? dump_line+0x12e/0x270
     ? raw_spin_rq_lock_nested+0x20/0x40
     _raw_spin_lock_nested+0x42/0x80
     ? raw_spin_rq_lock_nested+0x2b/0x40
     raw_spin_rq_lock_nested+0x2b/0x40
     scx_dump_state+0x3b3/0x1270
     ? finish_task_switch+0x27e/0x840
     scx_ops_error_irq_workfn+0x67/0x80
     irq_work_single+0x113/0x260
     irq_work_run_list.part.3+0x44/0x70
     run_irq_workd+0x6b/0x90
     ? __pfx_run_irq_workd+0x10/0x10
     smpboot_thread_fn+0x529/0x870
     ? __pfx_smpboot_thread_fn+0x10/0x10
     kthread+0x305/0x3f0
     ? __pfx_kthread+0x10/0x10
     ret_from_fork+0x40/0x70
     ? __pfx_kthread+0x10/0x10
     ret_from_fork_asm+0x1a/0x30
     </TASK>

This commit therefore uses rq_lock_irqsave/irqrestore() to replace rq_lock/unlock() in the scx_dump_state().

Database specific
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/68xxx/CVE-2025-68202.json"
}
Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
07814a9439a3b03d79a1001614b5bc1cab69bcec
Fixed
13d1c96d3a9f208bc1aa8642f6362dca25a157d2
Fixed
b6109750063d3b9aca1c57031213ac5485a06c54
Fixed
5f02151c411dda46efcc5dc57b0845efcdcfc26d

Affected versions

v6.*
v6.10
v6.10-rc3
v6.10-rc4
v6.10-rc5
v6.10-rc6
v6.10-rc7
v6.11
v6.11-rc1
v6.11-rc2
v6.11-rc3
v6.11-rc4
v6.11-rc5
v6.11-rc6
v6.11-rc7
v6.12
v6.12-rc1
v6.12-rc2
v6.12-rc3
v6.12-rc4
v6.12-rc5
v6.12-rc6
v6.12-rc7
v6.12.1
v6.12.10
v6.12.11
v6.12.12
v6.12.13
v6.12.14
v6.12.15
v6.12.16
v6.12.17
v6.12.18
v6.12.19
v6.12.2
v6.12.20
v6.12.21
v6.12.22
v6.12.23
v6.12.24
v6.12.25
v6.12.26
v6.12.27
v6.12.28
v6.12.29
v6.12.3
v6.12.30
v6.12.31
v6.12.32
v6.12.33
v6.12.34
v6.12.35
v6.12.36
v6.12.37
v6.12.38
v6.12.39
v6.12.4
v6.12.40
v6.12.41
v6.12.42
v6.12.43
v6.12.44
v6.12.45
v6.12.46
v6.12.47
v6.12.48
v6.12.49
v6.12.5
v6.12.50
v6.12.51
v6.12.52
v6.12.53
v6.12.54
v6.12.55
v6.12.56
v6.12.57
v6.12.58
v6.12.6
v6.12.7
v6.12.8
v6.12.9
v6.13
v6.13-rc1
v6.13-rc2
v6.13-rc3
v6.13-rc4
v6.13-rc5
v6.13-rc6
v6.13-rc7
v6.14
v6.14-rc1
v6.14-rc2
v6.14-rc3
v6.14-rc4
v6.14-rc5
v6.14-rc6
v6.14-rc7
v6.15
v6.15-rc1
v6.15-rc2
v6.15-rc3
v6.15-rc4
v6.15-rc5
v6.15-rc6
v6.15-rc7
v6.16
v6.16-rc1
v6.16-rc2
v6.16-rc3
v6.16-rc4
v6.16-rc5
v6.16-rc6
v6.16-rc7
v6.17
v6.17-rc1
v6.17-rc2
v6.17-rc3
v6.17-rc4
v6.17-rc5
v6.17-rc6
v6.17-rc7
v6.17.1
v6.17.2
v6.17.3
v6.17.4
v6.17.5
v6.17.6
v6.17.7
v6.17.8
v6.18-rc1


Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.12.0
Fixed
6.12.59
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.17.9
