CVE-2025-68339
Unknown Unknown - Not Provided
Data Race in Linux Kernel atm/fore200e Causes Bandwidth Misaccounting

Publication date: 2025-12-23

Last updated on: 2025-12-23

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: atm/fore200e: Fix possible data race in fore200e_open() Protect access to fore200e->available_cell_rate with rate_mtx lock in the error handling path of fore200e_open() to prevent a data race. The field fore200e->available_cell_rate is a shared resource used to track available bandwidth. It is concurrently accessed by fore200e_open(), fore200e_close(), and fore200e_change_qos(). In fore200e_open(), the lock rate_mtx is correctly held when subtracting vcc->qos.txtp.max_pcr from available_cell_rate to reserve bandwidth. However, if the subsequent call to fore200e_activate_vcin() fails, the function restores the reserved bandwidth by adding back to available_cell_rate without holding the lock. This introduces a race condition because available_cell_rate is a global device resource shared across all VCCs. If the error path in fore200e_open() executes concurrently with operations like fore200e_close() or fore200e_change_qos() on other VCCs, a read-modify-write race occurs. Specifically, the error path reads the rate without the lock. If another CPU acquires the lock and modifies the rate (e.g., releasing bandwidth in fore200e_close()) between this read and the subsequent write, the error path will overwrite the concurrent update with a stale value. This results in incorrect bandwidth accounting.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-23
Last Modified
2025-12-23
Generated
2026-06-16
AI Q&A
2025-12-23
EPSS Evaluated
2026-06-15
NVD
CVE-2025-68339
EUVD
EUVD-2025-204797
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a data race condition in the Linux kernel's fore200e driver. Specifically, in the fore200e_open() function, the code fails to properly lock access to the shared resource 'available_cell_rate' during an error handling path. When fore200e_activate_vcin() fails, the function restores reserved bandwidth without holding the necessary lock, leading to concurrent access issues. This can cause incorrect bandwidth accounting because multiple threads may read and write to 'available_cell_rate' simultaneously without synchronization.

Impact Analysis

The vulnerability can lead to incorrect bandwidth accounting in the affected device. Because of the race condition, bandwidth may be improperly reserved or released, potentially causing network performance issues or resource mismanagement. This could affect the stability and reliability of network connections managed by the fore200e driver.

Mitigation Strategies

To mitigate this vulnerability, update the Linux kernel to a version where the fore200e driver has been patched to fix the data race in fore200e_open(). This involves ensuring that the fore200e_open() function properly protects access to available_cell_rate with the rate_mtx lock in all code paths, including error handling. Until the patch is applied, avoid using the fore200e driver or disable the affected ATM device if possible to prevent race conditions.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-68339. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart