DEBIAN-CVE-2025-68240
- Source
- https://security-tracker.debian.org/tracker/CVE-2025-68240
- Import Source
- https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2025-68240.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2025-68240
- Upstream
- Published
- 2025-12-16T15:15:53.173Z
- Modified
- 2026-01-10T14:19:58.898852Z
- Summary
- [none]
- Details
-
In the Linux kernel, the following vulnerability has been resolved: nilfs2: avoid having an active sctimer before freeing sci Because kthreadstop did not stop sctask properly and returned -EINTR, the sctimer was not properly closed, ultimately causing the problem [1] reported by syzbot when freeing sci due to the sctimer not being closed. Because the thread sctask main function nilfssegctorthread() returns 0 when it succeeds, when the return value of kthreadstop() is not 0 in nilfssegctordestroy(), we believe that it has not properly closed sctimer. We use timershutdownsync() to sync wait for sctimer to shutdown, and set the value of sctask to NULL under the protection of lock scstatelock, so as to avoid the issue caused by sctimer not being properly shutdowned. [1] ODEBUG: free active (active state 0) object: 00000000dacb411a object type: timerlist hint: nilfsconstructiontimeout Call trace: nilfssegctordestroy fs/nilfs2/segment.c:2811 [inline] nilfsdetachlogwriter+0x668/0x8cc fs/nilfs2/segment.c:2877 nilfsput_super+0x4c/0x12c fs/nilfs2/super.c:509
- References
Affected packages
Debian:13 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed6.12.63-1
Debian:14 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed6.17.9-1