CVE-2025-68265

Source
https://cve.org/CVERecord?id=CVE-2025-68265
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-68265.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-68265
Published
2025-12-16T14:47:05.303Z
Modified
2026-03-09T23:55:00.705898Z
Summary
nvme: fix admin request_queue lifetime
Details

In the Linux kernel, the following vulnerability has been resolved:

nvme: fix admin request_queue lifetime

The namespaces can access the controller's admin request_queue, and stale references on the namespaces may exist after tearing down the controller. Ensure the admin request_queue is active by moving the controller's 'put' to after all controller references have been released to ensure no one can access the request_queue. This fixes a reported use-after-free bug:

BUG: KASAN: slab-use-after-free in blk_queue_enter+0x41c/0x4a0
Read of size 8 at addr ffff88c0a53819f8 by task nvme/3287
CPU: 67 UID: 0 PID: 3287 Comm: nvme Tainted: G E 6.13.2-ga1582f1a031e #15
Tainted: [E]=UNSIGNED_MODULE
Hardware name: Jabil /EGS 2S MB1, BIOS 1.00 06/18/2025
Call Trace:
<TASK>
dump_stack_lvl+0x4f/0x60
print_report+0xc4/0x620
? _raw_spin_lock_irqsave+0x70/0xb0
? _raw_read_unlock_irqrestore+0x30/0x30
? blk_queue_enter+0x41c/0x4a0
kasan_report+0xab/0xe0
? blk_queue_enter+0x41c/0x4a0
blk_queue_enter+0x41c/0x4a0
? __irq_work_queue_local+0x75/0x1d0
? blk_queue_start_drain+0x70/0x70
? irq_work_queue+0x18/0x20
? vprintk_emit.part.0+0x1cc/0x350
? wake_up_klogd_work_func+0x60/0x60
blk_mq_alloc_request+0x2b7/0x6b0
? __blk_mq_alloc_requests+0x1060/0x1060
? __switch_to+0x5b7/0x1060
nvme_submit_user_cmd+0xa9/0x330
nvme_user_cmd.isra.0+0x240/0x3f0
? force_sigsegv+0xe0/0xe0
? nvme_user_cmd64+0x400/0x400
? vfs_fileattr_set+0x9b0/0x9b0
? cgroup_update_frozen_flag+0x24/0x1c0
? cgroup_leave_frozen+0x204/0x330
? nvme_ioctl+0x7c/0x2c0
blkdev_ioctl+0x1a8/0x4d0
? blkdev_common_ioctl+0x1930/0x1930
? fdget+0x54/0x380
__x64_sys_ioctl+0x129/0x190
do_syscall_64+0x5b/0x160
entry_SYSCALL_64_after_hwframe+0x4b/0x53
RIP: 0033:0x7f765f703b0b
Code: ff ff ff 85 c0 79 9b 49 c7 c4 ff ff ff ff 5b 5d 4c 89 e0 41 5c c3 66 0f 1f 84 00 00 00 00 00 f3 0f 1e fa b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d dd 52 0f 00 f7 d8 64 89 01 48
RSP: 002b:00007ffe2cefe808 EFLAGS: 00000202 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007ffe2cefe860 RCX: 00007f765f703b0b
RDX: 00007ffe2cefe860 RSI: 00000000c0484e41 RDI: 0000000000000003
RBP: 0000000000000000 R08: 0000000000000003 R09: 0000000000000000
R10: 00007f765f611d50 R11: 0000000000000202 R12: 0000000000000003
R13: 00000000c0484e41 R14: 0000000000000001 R15: 00007ffe2cefea60
</TASK>

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/68xxx/CVE-2025-68265.json",
    "cna_assigner": "Linux"
}
Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
fe60e8c534118a288cd251a59d747cbf5c03e160
Fixed
a505f0ba36ab24176c300d7ff56aff85c2977e6c
Fixed
e8061d02b49c5c901980f58d91e96580e9a14acf
Fixed
e7dac681790556c131854b97551337aa8042215b
Fixed
03b3bcd319b3ab5182bc9aaa0421351572c78ac0

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-68265.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.1.0
Fixed
6.6.120
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.62
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.17.12

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-68265.json"