DEBIAN-CVE-2025-68373

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/CVE-2025-68373

Import Source

https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2025-68373.json

JSON Data

https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2025-68373

Upstream

CVE-2025-68373

Published

2025-12-24T11:16:00.890Z

Modified

2026-03-11T07:38:26.110146Z

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved: md: avoid repeated calls to delgendisk There is a uaf problem which is found by case 23rdev-lifetime: Oops: general protection fault, probably for non-canonical address 0xdead000000000122 RIP: 0010:bdiunregister+0x4b/0x170 Call Trace: <TASK> _delgendisk+0x356/0x3e0 mddevunlock+0x351/0x360 rdevattrstore+0x217/0x280 kernfsfopwriteiter+0x14a/0x210 vfswrite+0x29e/0x550 ksyswrite+0x74/0xf0 dosyscall64+0xbb/0x380 entrySYSCALL64afterhwframe+0x77/0x7f RIP: 0033:0x7ff5250a177e The sequence is: 1. rdev remove path gets reconfigmutex 2. rdev remove path release reconfigmutex in mddevunlock 3. md stop calls domdstop and sets MDDELETED 4. rdev remove path calls delgendisk because MDDELETED is set 5. md stop path release reconfigmutex and calls delgendisk again So there is a race condition we should resolve. This patch adds a flag MDDODELETE to avoid the race condition.

References

https://security-tracker.debian.org/tracker/CVE-2025-68373

Affected packages

Debian:14 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.17.13-1

Affected versions

6.*

6.12.38-1

6.12.41-1

6.12.43-1~bpo12+1

6.12.43-1

6.12.48-1

6.12.57-1~bpo12+1

6.12.57-1

6.12.63-1~bpo12+1

6.12.63-1

6.12.69-1~bpo12+1

6.12.69-1

6.12.73-1~bpo12+1

6.12.73-1

6.13~rc6-1~exp1

6.13~rc7-1~exp1

6.13.2-1~exp1

6.13.3-1~exp1

6.13.4-1~exp1

6.13.5-1~exp1

6.13.6-1~exp1

6.13.7-1~exp1

6.13.8-1~exp1

6.13.9-1~exp1

6.13.10-1~exp1

6.13.11-1~exp1

6.14.3-1~exp1

6.14.5-1~exp1

6.14.6-1~exp1

6.15~rc7-1~exp1

6.15-1~exp1

6.15.1-1~exp1

6.15.2-1~exp1

6.15.3-1~exp1

6.15.4-1~exp1

6.15.5-1~exp1

6.15.6-1~exp1

6.16~rc7-1~exp1

6.16-1~exp1

6.16.1-1~exp1

6.16.3-1~bpo13+1

6.16.3-1

6.16.5-1

6.16.6-1

6.16.7-1

6.16.8-1

6.16.9-1

6.16.10-1

6.16.11-1

6.16.12-1~bpo13+1

6.16.12-1

6.16.12-2

6.17.2-1~exp1

6.17.5-1~exp1

6.17.6-1

6.17.7-1

6.17.7-2

6.17.8-1~bpo13+1

6.17.8-1

6.17.9-1

6.17.10-1

6.17.11-1

6.17.12-1

6.17.13-1~bpo13+1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2025-68373.json"