CVE-2025-68202

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-68202
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-68202.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-68202
Downstream
Related
Published
2025-12-16T13:48:30.376Z
Modified
2026-03-20T12:46:17.641323Z
Summary
sched_ext: Fix unsafe locking in the scx_dump_state()
Details

In the Linux kernel, the following vulnerability has been resolved:

schedext: Fix unsafe locking in the scxdump_state()

For built with CONFIGPREEMPTRT=y kernels, the dump_lock will be converted sleepable spinlock and not disable-irq, so the following scenarios occur:

inconsistent {IN-HARDIRQ-W} -> {HARDIRQ-ON-W} usage. irq_work/0/27 [HC0[0]:SC0[0]:HE1:SE1] takes: (&rq->__lock){?...}-{2:2}, at: rawspinrqlocknested+0x2b/0x40 {IN-HARDIRQ-W} state was registered at: lockacquire+0x1e1/0x510 rawspinlocknested+0x42/0x80 rawspinrqlocknested+0x2b/0x40 schedtick+0xae/0x7b0 updateprocesstimes+0x14c/0x1b0 tickperiodic+0x62/0x1f0 tickhandleperiodic+0x48/0xf0 timerinterrupt+0x55/0x80 __handleirqeventpercpu+0x20a/0x5c0 handleirqeventpercpu+0x18/0xc0 handleirqevent+0xb5/0x150 handlelevelirq+0x220/0x460 __commoninterrupt+0xa2/0x1e0 commoninterrupt+0xb0/0xd0 asmcommoninterrupt+0x2b/0x40 rawspinunlockirqrestore+0x45/0x80 _setupirq+0xc34/0x1a30 requestthreadedirq+0x214/0x2f0 hpettimeinit+0x3e/0x60 x86latetimeinit+0x5b/0xb0 startkernel+0x308/0x410 x8664startreservations+0x1c/0x30 x8664startkernel+0x96/0xa0 commonstartup64+0x13e/0x148

other info that might help us debug this: Possible unsafe locking scenario:

    CPU0
    ----

lock(&rq->__lock); <Interrupt> lock(&rq->__lock);

*** DEADLOCK ***

stack backtrace: CPU: 0 UID: 0 PID: 27 Comm: irqwork/0 Call Trace: <TASK> dumpstacklvl+0x8c/0xd0 dumpstack+0x14/0x20 printusagebug+0x42e/0x690 mark_lock.part.44+0x867/0xa70 ? __pfxmarklock.part.44+0x10/0x10 ? string_nocheck+0x19c/0x310 ? number+0x739/0x9f0 ? __pfxstringnocheck+0x10/0x10 ? __pfxcheckpointer+0x10/0x10 ? kvmschedclock_read+0x15/0x30 ? schedclocknoinstr+0xd/0x20 ? localclocknoinstr+0x1c/0xe0 __lock_acquire+0xc4b/0x62b0 ? __pfxformatdecode+0x10/0x10 ? __pfxstring+0x10/0x10 ? pfxlock_acquire+0x10/0x10 ? __pfxvsnprintf+0x10/0x10 lockacquire+0x1e1/0x510 ? rawspinrqlocknested+0x2b/0x40 ? __pfxlockacquire+0x10/0x10 ? dumpline+0x12e/0x270 ? rawspinrqlocknested+0x20/0x40 rawspinlocknested+0x42/0x80 ? rawspinrqlocknested+0x2b/0x40 rawspinrqlocknested+0x2b/0x40 scxdumpstate+0x3b3/0x1270 ? finishtaskswitch+0x27e/0x840 scxopserrorirqworkfn+0x67/0x80 irqworksingle+0x113/0x260 irqworkrunlist.part.3+0x44/0x70 runirqworkd+0x6b/0x90 ? __pfxrunirqworkd+0x10/0x10 smpbootthread_fn+0x529/0x870 ? __pfxsmpbootthread_fn+0x10/0x10 kthread+0x305/0x3f0 ? __pfxkthread+0x10/0x10 retfrom_fork+0x40/0x70 ? __pfxkthread+0x10/0x10 retfromforkasm+0x1a/0x30 </TASK>

This commit therefore use rqlockirqsave/irqrestore() to replace rqlock/unlock() in the scxdump_state().

Database specific 
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/68xxx/CVE-2025-68202.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
07814a9439a3b03d79a1001614b5bc1cab69bcec
Fixed
13d1c96d3a9f208bc1aa8642f6362dca25a157d2
Fixed
b6109750063d3b9aca1c57031213ac5485a06c54
Fixed
5f02151c411dda46efcc5dc57b0845efcdcfc26d

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-68202.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.12.0
Fixed
6.12.59
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.17.9

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-68202.json"