How to fix CVE-2025-68823?

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Vendor patch is available.

Is Linux Kernel affected by CVE-2025-68823?

CVE-2025-68823 presents moderate security risk rated CVSS 5.5. Exploitation could compromise the security of affected deployments. A patch is available and should be applied during regular vulnerability management.

CVE-2025-68823

MEDIUM

2026-01-13 416baaa9-dc9f-4396-8d5f-8c081fb06d67

5.5

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:54 vuln.today

Patch Released

Feb 26, 2026 - 18:43 nvd

Patch available

CVE Published

Jan 13, 2026 - 16:16 nvd

MEDIUM 5.5

Description

In the Linux kernel, the following vulnerability has been resolved: ublk: fix deadlock when reading partition table When one process(such as udev) opens ublk block device (e.g., to read the partition table via bdev_open()), a deadlock[1] can occur: 1. bdev_open() grabs disk->open_mutex 2. The process issues read I/O to ublk backend to read partition table 3. In __ublk_complete_rq(), blk_update_request() or blk_mq_end_request() runs bio->bi_end_io() callbacks 4. If this triggers fput() on file descriptor of ublk block device, the work may be deferred to current task's task work (see fput() implementation) 5. This eventually calls blkdev_release() from the same context 6. blkdev_release() tries to grab disk->open_mutex again 7. Deadlock: same task waiting for a mutex it already holds The fix is to run blk_update_request() and blk_mq_end_request() with bottom halves disabled. This forces blkdev_release() to run in kernel work-queue context instead of current task work context, and allows ublk server to make forward progress, and avoids the deadlock. [axboe: rewrite comment in ublk]

Analysis

In the Linux kernel, the following vulnerability has been resolved:

ublk: fix deadlock when reading partition table

When one process(such as udev) opens ublk block device (e.g., to read the partition table via bdev_open()), a deadlock[1] can occur:

bdev_open() grabs disk->open_mutex
[CVSS 5.5 MEDIUM]

Technical Context

Classified as CWE-667 (Improper Locking). Affects Linux Kernel. In the Linux kernel, the following vulnerability has been resolved:

ublk: fix deadlock when reading partition table

When one process(such as udev) opens ublk block device (e.g., to read

the partition table via bdev_open()), a deadlock[1] can occur:

1. bdev_open() grabs disk->open_mutex

2. The process issues read I/O to ublk backend to read partition table

3. In __ublk_complete_rq(), blk_update_request() or blk_mq_end_request()

runs bio->bi_end_io() callbacks

4. If this triggers fput() on f

Affected Products

Vendor: Linux. Product: Linux Kernel.

Remediation

A vendor patch is available — apply it immediately.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +28

POC: 0

Vendor Status

CVE-2025-68823 vulnerability details – vuln.today

Back

CVE-2025-68823

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Vendor Status

Share

CVE-2025-68823

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Vendor Status

Share

External POC / Exploit Code