CVE-2025-68336
- Source
- https://cve.org/CVERecord?id=CVE-2025-68336
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-68336.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-68336
- Downstream
- Related
- Published
- 2025-12-22T16:14:13.425Z
- Modified
- 2026-03-20T12:46:22.986555Z
- Summary
- locking/spinlock/debug: Fix data-race in do_raw_write_lock
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
locking/spinlock/debug: Fix data-race in dorawwrite_lock
KCSAN reports:
BUG: KCSAN: data-race in dorawwritelock / dorawwritelock
write (marked) to 0xffff800009cf504c of 4 bytes by task 1102 on cpu 1: dorawwritelock+0x120/0x204 rawwritelockirq doexit callusermodehelperexecasync retfrom_fork
read to 0xffff800009cf504c of 4 bytes by task 1103 on cpu 0: dorawwritelock+0x88/0x204 rawwritelockirq doexit callusermodehelperexecasync retfrom_fork
value changed: 0xffffffff -> 0x00000001
Reported by Kernel Concurrency Sanitizer on: CPU: 0 PID: 1103 Comm: kworker/u4:1 6.1.111
Commit 1a365e822372 ("locking/spinlock/debug: Fix various data races") has adressed most of these races, but seems to be not consistent/not complete.
From dorawwritelock() only debugwritelockafter() part has been converted to WRITEONCE(), but not debugwritelockbefore() part. Do it now.
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/68xxx/CVE-2025-68336.json" }- References
-
- https://git.kernel.org/stable/c/16b3590c0e1e615757dade098c8fbc0d4f040c76
- https://git.kernel.org/stable/c/396a9270a7b90886be501611b13aa636f2e8c703
- https://git.kernel.org/stable/c/39d2ef113416f1a4205b03fb0aa2e428d1412c77
- https://git.kernel.org/stable/c/8e5b2cf10844402054b52b489b525dc30cc16908
- https://git.kernel.org/stable/c/93bd23524d63deb80fb85beb2e43fafeb1043d0f
- https://git.kernel.org/stable/c/b163a5e8c703201c905d6ec7920ed79d167e8442
- https://git.kernel.org/stable/c/c14ecb555c3ee80eeb030a4e46d00e679537f03a
- https://git.kernel.org/stable/c/c228cb699a07a5f2d596d186bc5c314c99bb8bbf
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/68xxx/CVE-2025-68336.json
- https://nvd.nist.gov/vuln/detail/CVE-2025-68336
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced1a365e822372ba24c9da0822bc583894f6f3d821Fixed8e5b2cf10844402054b52b489b525dc30cc16908Fixedc228cb699a07a5f2d596d186bc5c314c99bb8bbfFixed93bd23524d63deb80fb85beb2e43fafeb1043d0fFixed39d2ef113416f1a4205b03fb0aa2e428d1412c77Fixedb163a5e8c703201c905d6ec7920ed79d167e8442Fixed16b3590c0e1e615757dade098c8fbc0d4f040c76Fixed396a9270a7b90886be501611b13aa636f2e8c703Fixedc14ecb555c3ee80eeb030a4e46d00e679537f03a
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affected3106fb78d3579c8e9c9b3040f7f7841981919624Last affectedc0911024ff927ba5c4786b507004cb615be1d776Last affected09226e5c38639437565af01e6009a9286a351d04Last affectedc7673f01604fa722b9d7c1e29e17cec1b8ae09c5Last affectedc120c3dbeb76305235c8e557f84d9e2d7d0f5933
Linux / Kernel
Package
- Name
- Kernel
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced5.5.0Fixed5.10.248
- Type
- ECOSYSTEM
- Events
-
Introduced5.11.0Fixed5.15.198
- Type
- ECOSYSTEM
- Events
-
Introduced5.16.0Fixed6.1.160
- Type
- ECOSYSTEM
- Events
-
Introduced6.2.0Fixed6.6.120
- Type
- ECOSYSTEM
- Events
-
Introduced6.7.0Fixed6.12.62
- Type
- ECOSYSTEM
- Events
-
Introduced6.13.0Fixed6.17.12
- Type
- ECOSYSTEM
- Events
-
Introduced6.18.0Fixed6.18.1