CVE-2025-68240

EPSS 0.02%
Veröffentlicht 16.12.2025 14:21:17
Zuletzt bearbeitet 15.04.2026 00:35:42
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

nilfs2: avoid having an active sc_timer before freeing sci

In the Linux kernel, the following vulnerability has been resolved:

nilfs2: avoid having an active sc_timer before freeing sci

Because kthread_stop did not stop sc_task properly and returned -EINTR,
the sc_timer was not properly closed, ultimately causing the problem [1]
reported by syzbot when freeing sci due to the sc_timer not being closed.

Because the thread sc_task main function nilfs_segctor_thread() returns 0
when it succeeds, when the return value of kthread_stop() is not 0 in
nilfs_segctor_destroy(), we believe that it has not properly closed
sc_timer.

We use timer_shutdown_sync() to sync wait for sc_timer to shutdown, and
set the value of sc_task to NULL under the protection of lock
sc_state_lock, so as to avoid the issue caused by sc_timer not being
properly shutdowned.

[1]
ODEBUG: free active (active state 0) object: 00000000dacb411a object type: timer_list hint: nilfs_construction_timeout
Call trace:
 nilfs_segctor_destroy fs/nilfs2/segment.c:2811 [inline]
 nilfs_detach_log_writer+0x668/0x8cc fs/nilfs2/segment.c:2877
 nilfs_put_super+0x4c/0x12c fs/nilfs2/super.c:509

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 6

CNA 2 VulnDex Vulnerability Enrichment 5

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version 3f66cc261ccb54a8e4d8d5aa51c389c19453b00c

Version < 36049e81dc7f077e0e24d5b9688a7458beacef8f

Status affected

Version 3f66cc261ccb54a8e4d8d5aa51c389c19453b00c

Version < 2f65799e2a736d556d306440c4e1e8906736117a

Status affected

Version 3f66cc261ccb54a8e4d8d5aa51c389c19453b00c

Version < 9a6b60cb147d53968753a34805211d2e5e08c027

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 6.12

Status affected

Version 0

Version < 6.12

Status unaffected

Version <= 6.12.*

Version 6.12.59

Status unaffected

Version <= 6.17.*

Version 6.17.9

Status unaffected

Version <= *

Version 6.18

Status unaffected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.058

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://git.kernel.org/stable/c/36049e81dc7f077e0e24d5b9688a7458beacef8f

https://git.kernel.org/stable/c/2f65799e2a736d556d306440c4e1e8906736117a

https://git.kernel.org/stable/c/9a6b60cb147d53968753a34805211d2e5e08c027

https://nvd.nist.gov/vuln/detail/CVE-2025-68240

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-68240

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-68240

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-68240