CVE-2025-68218
BaseFortify
Publication date: 2025-12-16
Last updated on: 2025-12-18
Assigner: kernel.org
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in the Linux kernel is a potential deadlock in the nvme-multipath driver, reported as a lock dependency warning (lockdep WARN). The issue arises from the dependency among disk->open_mutex, kblockd workqueue completion, and partition_scan_work completion, which can lead to a deadlock during partition scanning. The fix changes the execution context of partition_scan_work from the kblockd workqueue to the nvme_wq workqueue, which breaks this dependency and prevents the deadlock.
How can this vulnerability impact me?
This vulnerability can cause a deadlock in the Linux kernel's nvme-multipath subsystem, potentially leading to system hangs or failures during disk partition scanning operations. This can affect system stability and availability, especially in environments relying on NVMe storage devices with multipath configurations.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update the Linux kernel to a version that includes the fix for the nvme-multipath lockdep WARN issue. The fix runs partition_scan_work on the nvme_wq workqueue instead of the kblockd workqueue, which avoids the potential deadlock.