Skip to main content

Linux CVE-2025-68823

MEDIUM
Improper Locking (CWE-667)
2026-01-13 416baaa9-dc9f-4396-8d5f-8c081fb06d67
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative
Red Hat
5.5 MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

3
Analysis Generated
Mar 12, 2026 - 21:54 vuln.today
Patch released
Feb 26, 2026 - 18:43 nvd
Patch available
CVE Published
Jan 13, 2026 - 16:16 nvd
MEDIUM 5.5

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

ublk: fix deadlock when reading partition table

When one process(such as udev) opens ublk block device (e.g., to read the partition table via bdev_open()), a deadlock[1] can occur:

  1. bdev_open() grabs disk->open_mutex
  2. The process issues read I/O to ublk backend to read partition table
  3. In __ublk_complete_rq(), blk_update_request() or blk_mq_end_request()

runs bio->bi_end_io() callbacks

  1. If this triggers fput() on file descriptor of ublk block device, the

work may be deferred to current task's task work (see fput() implementation)

  1. This eventually calls blkdev_release() from the same context
  2. blkdev_release() tries to grab disk->open_mutex again
  3. Deadlock: same task waiting for a mutex it already holds

The fix is to run blk_update_request() and blk_mq_end_request() with bottom halves disabled. This forces blkdev_release() to run in kernel work-queue context instead of current task work context, and allows ublk server to make forward progress, and avoids the deadlock.

[axboe: rewrite comment in ublk]

AnalysisAI

In the Linux kernel, the following vulnerability has been resolved:

ublk: fix deadlock when reading partition table

When one process(such as udev) opens ublk block device (e.g., to read the partition table via bdev_open()), a deadlock[1] can occur:

  1. bdev_open() grabs disk->open_mutex
  2. [CVSS 5.5 MEDIUM]

Technical ContextAI

Classified as CWE-667 (Improper Locking). Affects Linux Kernel. In the Linux kernel, the following vulnerability has been resolved:

ublk: fix deadlock when reading partition table

When one process(such as udev) opens ublk block device (e.g., to read the partition table via bdev_open()), a deadlock[1] can occur:

  1. bdev_open() grabs disk->open_mutex
  2. The process issues read I/O to ublk backend to read partition table
  3. In __ublk_complete_rq(), blk_update_request() or blk_mq_end_request()

runs bio->bi_end_io() callbacks

  1. If this triggers fput() on f

RemediationAI

A vendor patch is available — apply it immediately.

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 16.0 Fixed

Share

CVE-2025-68823 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy