CVE-2025-68168
Unknown Unknown - Not Provided

BaseFortify

Vulnerability report for CVE-2025-68168, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2025-12-16

Last updated on: 2025-12-18

Assigner: kernel.org

Description

In the Linux kernel, the following vulnerability has been resolved: jfs: fix uninitialized waitqueue in transaction manager The transaction manager initialization in txInit() was not properly initializing TxBlock[0].waitor waitqueue, causing a crash when txEnd(0) is called on read-only filesystems. When a filesystem is mounted read-only, txBegin() returns tid=0 to indicate no transaction. However, txEnd(0) still gets called and tries to access TxBlock[0].waitor via tid_to_tblock(0), but this waitqueue was never initialized because the initialization loop started at index 1 instead of 0. This causes a 'non-static key' lockdep warning and system crash: INFO: trying to register non-static key in txEnd Fix by ensuring all transaction blocks including TxBlock[0] have their waitqueues properly initialized during txInit().

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2025-12-16
Last Modified
2025-12-18
Generated
2026-07-06
AI Q&A
2025-12-16
EPSS Evaluated
2026-07-05
NVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel *

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability is in the Linux kernel's JFS transaction manager. The issue is that the waitqueue for TxBlock[0] was not initialized properly during transaction manager initialization. When a filesystem is mounted read-only, txBegin() returns tid=0 to indicate no transaction, but txEnd(0) still gets called and tries to access the uninitialized waitqueue TxBlock[0].waitor. This causes a system crash and a lockdep warning. The fix ensures that all transaction blocks, including TxBlock[0], have their waitqueues properly initialized.

Impact Analysis

This vulnerability can cause a system crash when the Linux kernel's JFS transaction manager handles read-only filesystems. Specifically, the uninitialized waitqueue leads to a crash and lockdep warning, potentially causing system instability or downtime.

Mitigation Strategies

To mitigate this vulnerability, update the Linux kernel to a version where the jfs transaction manager initialization bug is fixed. This ensures that TxBlock[0].waitor waitqueue is properly initialized, preventing the crash when txEnd(0) is called on read-only filesystems.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-68168. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart