CVE-2025-68823
Modified Modified - Updated After Analysis
BaseFortify

Publication date: 2026-01-13

Last updated on: 2026-06-01

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: ublk: fix deadlock when reading partition table When one process(such as udev) opens ublk block device (e.g., to read the partition table via bdev_open()), a deadlock[1] can occur: 1. bdev_open() grabs disk->open_mutex 2. The process issues read I/O to ublk backend to read partition table 3. In __ublk_complete_rq(), blk_update_request() or blk_mq_end_request() runs bio->bi_end_io() callbacks 4. If this triggers fput() on file descriptor of ublk block device, the work may be deferred to current task's task work (see fput() implementation) 5. This eventually calls blkdev_release() from the same context 6. blkdev_release() tries to grab disk->open_mutex again 7. Deadlock: same task waiting for a mutex it already holds The fix is to run blk_update_request() and blk_mq_end_request() with bottom halves disabled. This forces blkdev_release() to run in kernel work-queue context instead of current task work context, and allows ublk server to make forward progress, and avoids the deadlock. [axboe: rewrite comment in ublk]
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-13
Last Modified
2026-06-01
Generated
2026-06-16
AI Q&A
2026-01-14
EPSS Evaluated
2026-06-15
NVD
CVE-2025-68823
EUVD
EUVD-2026-2278
Affected Vendors & Products
Showing 4 associated CPEs
Vendor Product Version / Range
linux linux_kernel 6.19
linux linux_kernel From 6.13 (inc) to 6.18.3 (exc)
linux linux_kernel From 6.0 (inc) to 6.6.124 (exc)
linux linux_kernel From 6.7 (inc) to 6.12.70 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-667 The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a deadlock issue in the Linux kernel's ublk block device driver. When a process (like udev) opens a ublk block device to read the partition table, it acquires a mutex (disk->open_mutex). During the read operation, certain callbacks may trigger a file descriptor release (fput()), which tries to acquire the same mutex again in the same context, causing a deadlock because the mutex is already held by the same task. The fix involves running specific request completion functions with bottom halves disabled, forcing the release operation to run in a different kernel context and thus avoiding the deadlock.

Impact Analysis

This vulnerability can cause a deadlock in the Linux kernel when reading the partition table from a ublk block device. This deadlock can halt the progress of the ublk server and potentially block processes that rely on accessing the block device, leading to system instability or unresponsiveness during such operations.

Mitigation Strategies

The vulnerability is fixed by running blk_update_request() and blk_mq_end_request() with bottom halves disabled to avoid deadlock. Immediate mitigation would involve updating the Linux kernel to a version that includes this fix to prevent the deadlock when reading the partition table via ublk block device.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-68823. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart