CVE-2025-68240

EPSS 0.02%
Veröffentlicht 16.12.2025 14:21:17
Zuletzt bearbeitet 18.12.2025 15:08:06
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

nilfs2: avoid having an active sc_timer before freeing sci

Because kthread_stop did not stop sc_task properly and returned -EINTR,
the sc_timer was not properly closed, ultimately causing the problem [1]
reported by syzbot when freeing sci due to the sc_timer not being closed.

Because the thread sc_task main function nilfs_segctor_thread() returns 0
when it succeeds, when the return value of kthread_stop() is not 0 in
nilfs_segctor_destroy(), we believe that it has not properly closed
sc_timer.

We use timer_shutdown_sync() to sync wait for sc_timer to shutdown, and
set the value of sc_task to NULL under the protection of lock
sc_state_lock, so as to avoid the issue caused by sc_timer not being
properly shutdowned.

[1]
ODEBUG: free active (active state 0) object: 00000000dacb411a object type: timer_list hint: nilfs_construction_timeout
Call trace:
 nilfs_segctor_destroy fs/nilfs2/segment.c:2811 [inline]
 nilfs_detach_log_writer+0x668/0x8cc fs/nilfs2/segment.c:2877
 nilfs_put_super+0x4c/0x12c fs/nilfs2/super.c:509

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 6

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < 36049e81dc7f077e0e24d5b9688a7458beacef8f

Version 3f66cc261ccb54a8e4d8d5aa51c389c19453b00c

Status affected

Version < 2f65799e2a736d556d306440c4e1e8906736117a

Version 3f66cc261ccb54a8e4d8d5aa51c389c19453b00c

Status affected

Version < 9a6b60cb147d53968753a34805211d2e5e08c027

Version 3f66cc261ccb54a8e4d8d5aa51c389c19453b00c

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 6.12

Status affected

Version < 6.12

Version 0

Status unaffected

Version <= 6.12.*

Version 6.12.59

Status unaffected

Version <= 6.17.*

Version 6.17.9

Status unaffected

Version <= *

Version 6.18

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.057

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://git.kernel.org/stable/c/36049e81dc7f077e0e24d5b9688a7458beacef8f

https://git.kernel.org/stable/c/2f65799e2a736d556d306440c4e1e8906736117a

https://git.kernel.org/stable/c/9a6b60cb147d53968753a34805211d2e5e08c027

https://nvd.nist.gov/vuln/detail/CVE-2025-68240

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-68240

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-68240

EUVD