CVE-2025-68823
Description
In the Linux kernel, the following vulnerability has been resolved: ublk: fix deadlock when reading partition table When one process(such as udev) opens ublk block device (e.g., to read the partition table via bdev_open()), a deadlock[1] can occur: 1. bdev_open() grabs disk->open_mutex 2. The process issues read I/O to ublk backend to read partition table 3. In __ublk_complete_rq(), blk_update_request() or blk_mq_end_request() runs bio->bi_end_io() callbacks 4. If this triggers fput() on file descriptor of ublk block device, the work may be deferred to current task's task work (see fput() implementation) 5. This eventually calls blkdev_release() from the same context 6. blkdev_release() tries to grab disk->open_mutex again 7. Deadlock: same task waiting for a mutex it already holds The fix is to run blk_update_request() and blk_mq_end_request() with bottom halves disabled. This forces blkdev_release() to run in kernel work-queue context instead of current task work context, and allows ublk server to make forward progress, and avoids the deadlock. [axboe: rewrite comment in ublk]
Predictions
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ if you've already worked around this in production โ publish your fix to the community-verified tier.
โ Propose a mitigation on Community โ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here withsource_tier=community-verified.
OS impact
Linux kernel Affected 2 releases
| Version | Status | Fixed in |
|---|---|---|
| 6.19 | Affected | โ |
| โ | Affected | 6.6.124 |
SUSE Affected 1 release
| Version | Status | Fixed in |
|---|---|---|
| โ | Affected | โ |
Debian Mixed 5 releases
| Version | Status | Fixed in |
|---|---|---|
| trixie | Fixed | 6.12.73-1 |
| sid | Fixed | 6.18.3-1 |
| forky | Fixed | 6.18.3-1 |
| bullseye | Fixed | 0 |
| bookworm | Affected | โ |
References
- https://www.suse.com/security/cve/CVE-2025-68823.html
- https://security-tracker.debian.org/tracker/CVE-2025-68823
- https://git.kernel.org/stable/c/0460e09a614291f06c008443f47393c37b7358e7
- https://git.kernel.org/stable/c/27bb79b7717b2fbb111a1c13548b2786ee712dca
- https://git.kernel.org/stable/c/64c0b7e2293757e8320f13434cd809f1c9257a62
- https://git.kernel.org/stable/c/9bcc47343ee0ef346aa7b2b460c8ff56bd882fe7
- https://git.kernel.org/stable/c/c258f5c4502c9667bccf5d76fa731ab9c96687c1
CWEs
CWE-667
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.