CVE-2025-68168
BaseFortify
Publication date: 2025-12-16
Last updated on: 2025-12-18
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is in the Linux kernel's JFS transaction manager. The issue is that the waitqueue for TxBlock[0] was not initialized properly during transaction manager initialization. When a filesystem is mounted read-only, txBegin() returns tid=0 to indicate no transaction, but txEnd(0) still gets called and tries to access the uninitialized waitqueue TxBlock[0].waitor. This causes a system crash and a lockdep warning. The fix ensures that all transaction blocks, including TxBlock[0], have their waitqueues properly initialized.
How can this vulnerability impact me? :
This vulnerability can cause a system crash when the Linux kernel's JFS transaction manager handles read-only filesystems. Specifically, the uninitialized waitqueue leads to a crash and lockdep warning, potentially causing system instability or downtime.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update the Linux kernel to a version where the jfs transaction manager initialization bug is fixed. This ensures that TxBlock[0].waitor waitqueue is properly initialized, preventing the crash when txEnd(0) is called on read-only filesystems.