CVE-2025-68240

Because kthreadstop did not stop sctask properly and returned -EINTR, the sctimer was not properly closed, ultimately causing the problem [1] reported by syzbot when freeing sci due to the sctimer not being closed.

Because the thread sctask main function nilfssegctorthread() returns 0 when it succeeds, when the return value of kthreadstop() is not 0 in nilfssegctordestroy(), we believe that it has not properly closed sc_timer.

We use timershutdownsync() to sync wait for sctimer to shutdown, and set the value of sctask to NULL under the protection of lock scstatelock, so as to avoid the issue caused by sc_timer not being properly shutdowned.

[1] ODEBUG: free active (active state 0) object: 00000000dacb411a object type: timerlist hint: nilfsconstructiontimeout Call trace: nilfssegctordestroy fs/nilfs2/segment.c:2811 [inline] nilfsdetachlogwriter+0x668/0x8cc fs/nilfs2/segment.c:2877 nilfsputsuper+0x4c/0x12c fs/nilfs2/super.c:509

Database specific

{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/68xxx/CVE-2025-68240.json"
}

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

3f66cc261ccb54a8e4d8d5aa51c389c19453b00c

Fixed

36049e81dc7f077e0e24d5b9688a7458beacef8f

Fixed

2f65799e2a736d556d306440c4e1e8906736117a

Fixed

9a6b60cb147d53968753a34805211d2e5e08c027

Affected versions

v6.*

v6.11

v6.11-rc7

v6.12

v6.12-rc1

v6.12-rc2

v6.12-rc3

v6.12-rc4

v6.12-rc5

v6.12-rc6

v6.12-rc7

v6.12.1

v6.12.10

v6.12.11

v6.12.12

v6.12.13

v6.12.14

v6.12.15

v6.12.16

v6.12.17

v6.12.18

v6.12.19

v6.12.2

v6.12.20

v6.12.21

v6.12.22

v6.12.23

v6.12.24

v6.12.25

v6.12.26

v6.12.27

v6.12.28

v6.12.29

v6.12.3

v6.12.30

v6.12.31

v6.12.32

v6.12.33

v6.12.34

v6.12.35

v6.12.36

v6.12.37

v6.12.38

v6.12.39

v6.12.4

v6.12.40

v6.12.41

v6.12.42

v6.12.43

v6.12.44

v6.12.45

v6.12.46

v6.12.47

v6.12.48

v6.12.49

v6.12.5

v6.12.50

v6.12.51

v6.12.52

v6.12.53

v6.12.54

v6.12.55

v6.12.56

v6.12.57

v6.12.58

v6.12.6

v6.12.7

v6.12.8

v6.12.9

v6.13

v6.13-rc1

v6.13-rc2

v6.13-rc3

v6.13-rc4

v6.13-rc5

v6.13-rc6

v6.13-rc7

v6.14

v6.14-rc1

v6.14-rc2

v6.14-rc3

v6.14-rc4

v6.14-rc5

v6.14-rc6

v6.14-rc7

v6.15

v6.15-rc1

v6.15-rc2

v6.15-rc3

v6.15-rc4

v6.15-rc5

v6.15-rc6

v6.15-rc7

v6.16

v6.16-rc1

v6.16-rc2

v6.16-rc3

v6.16-rc4

v6.16-rc5

v6.16-rc6

v6.16-rc7

v6.17

v6.17-rc1

v6.17-rc2

v6.17-rc3

v6.17-rc4

v6.17-rc5

v6.17-rc6

v6.17-rc7

v6.17.1

v6.17.2

v6.17.3

v6.17.4

v6.17.5

v6.17.6

v6.17.7

v6.17.8

v6.18-rc1

v6.18-rc2

v6.18-rc3

v6.18-rc4

v6.18-rc5

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-68240.json"

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

6.12.0

Fixed

6.12.59

Type: ECOSYSTEM
Events: Introduced

6.13.0

Fixed

6.17.9

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-68240.json"