CVE-2025-68823

{"id": "CVE-2025-68823", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2026-01-13T16:16:04.660", "references": [{"url": "https://git.kernel.org/stable/c/0460e09a614291f06c008443f47393c37b7358e7", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/27bb79b7717b2fbb111a1c13548b2786ee712dca", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/64c0b7e2293757e8320f13434cd809f1c9257a62", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/9bcc47343ee0ef346aa7b2b460c8ff56bd882fe7", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/c258f5c4502c9667bccf5d76fa731ab9c96687c1", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-667"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nublk: fix deadlock when reading partition table\n\nWhen one process(such as udev) opens ublk block device (e.g., to read\nthe partition table via bdev_open()), a deadlock[1] can occur:\n\n1. bdev_open() grabs disk->open_mutex\n2. The process issues read I/O to ublk backend to read partition table\n3. In __ublk_complete_rq(), blk_update_request() or blk_mq_end_request()\n runs bio->bi_end_io() callbacks\n4. If this triggers fput() on file descriptor of ublk block device, the\n work may be deferred to current task's task work (see fput() implementation)\n5. This eventually calls blkdev_release() from the same context\n6. blkdev_release() tries to grab disk->open_mutex again\n7. Deadlock: same task waiting for a mutex it already holds\n\nThe fix is to run blk_update_request() and blk_mq_end_request() with bottom\nhalves disabled. This forces blkdev_release() to run in kernel work-queue\ncontext instead of current task work context, and allows ublk server to make\nforward progress, and avoids the deadlock.\n\n[axboe: rewrite comment in ublk]"}, {"lang": "es", "value": "En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\nublk: soluciona un interbloqueo al leer la tabla de particiones\n\nCuando un proceso (como udev) abre el dispositivo de bloques ublk (por ejemplo, para leer la tabla de particiones a trav\u00e9s de bdev_open()), puede ocurrir un interbloqueo[1]:\n\n1. bdev_open() adquiere disk->open_mutex\n2. El proceso emite E/S de lectura al backend de ublk para leer la tabla de particiones\n3. En __ublk_complete_rq(), blk_update_request() o blk_mq_end_request() ejecuta las retrollamadas bio->bi_end_io()\n4. Si esto activa fput() en el descriptor de archivo del dispositivo de bloques ublk, el trabajo puede ser aplazado al trabajo de tarea de la tarea actual (ver la implementaci\u00f3n de fput())\n5. Esto finalmente llama a blkdev_release() desde el mismo contexto\n6. blkdev_release() intenta adquirir disk->open_mutex de nuevo\n7. Interbloqueo: misma tarea esperando por un mutex que ya posee\n\nLa soluci\u00f3n es ejecutar blk_update_request() y blk_mq_end_request() con las mitades inferiores deshabilitadas. Esto fuerza a blkdev_release() a ejecutarse en el contexto de la cola de trabajo del kernel en lugar del contexto de trabajo de la tarea actual, y permite al servidor ublk avanzar, y evita el interbloqueo.\n\n[axboe: reescribir comentario en ublk]"}], "lastModified": "2026-06-01T17:16:38.260", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "07A21134-3555-4ED3-8B0A-940F93C45530", "versionEndExcluding": "6.6.124", "versionStartIncluding": "6.0"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F3791390-0628-4808-99EF-1ED8ABF60933", "versionEndExcluding": "6.12.70", "versionStartIncluding": "6.7"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2DC484D8-FB4F-4112-900F-AE333B6FE7A7", "versionEndExcluding": "6.18.3", "versionStartIncluding": "6.13"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "17B67AA7-40D6-4AFA-8459-F200F3D7CFD1"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}