{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-68240", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-12-16T13:41:40.263Z", "datePublished": "2025-12-16T14:21:17.710Z", "dateUpdated": "2025-12-16T14:21:17.710Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-12-16T14:21:17.710Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: avoid having an active sc_timer before freeing sci\n\nBecause kthread_stop did not stop sc_task properly and returned -EINTR,\nthe sc_timer was not properly closed, ultimately causing the problem [1]\nreported by syzbot when freeing sci due to the sc_timer not being closed.\n\nBecause the thread sc_task main function nilfs_segctor_thread() returns 0\nwhen it succeeds, when the return value of kthread_stop() is not 0 in\nnilfs_segctor_destroy(), we believe that it has not properly closed\nsc_timer.\n\nWe use timer_shutdown_sync() to sync wait for sc_timer to shutdown, and\nset the value of sc_task to NULL under the protection of lock\nsc_state_lock, so as to avoid the issue caused by sc_timer not being\nproperly shutdowned.\n\n[1]\nODEBUG: free active (active state 0) object: 00000000dacb411a object type: timer_list hint: nilfs_construction_timeout\nCall trace:\n nilfs_segctor_destroy fs/nilfs2/segment.c:2811 [inline]\n nilfs_detach_log_writer+0x668/0x8cc fs/nilfs2/segment.c:2877\n nilfs_put_super+0x4c/0x12c fs/nilfs2/super.c:509"}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/nilfs2/segment.c"], "versions": [{"version": "3f66cc261ccb54a8e4d8d5aa51c389c19453b00c", "lessThan": "36049e81dc7f077e0e24d5b9688a7458beacef8f", "status": "affected", "versionType": "git"}, {"version": "3f66cc261ccb54a8e4d8d5aa51c389c19453b00c", "lessThan": "2f65799e2a736d556d306440c4e1e8906736117a", "status": "affected", "versionType": "git"}, {"version": "3f66cc261ccb54a8e4d8d5aa51c389c19453b00c", "lessThan": "9a6b60cb147d53968753a34805211d2e5e08c027", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/nilfs2/segment.c"], "versions": [{"version": "6.12", "status": "affected"}, {"version": "0", "lessThan": "6.12", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.59", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.17.9", "lessThanOrEqual": "6.17.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.12", "versionEndExcluding": "6.12.59"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.12", "versionEndExcluding": "6.17.9"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.12", "versionEndExcluding": "6.18"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/36049e81dc7f077e0e24d5b9688a7458beacef8f"}, {"url": "https://git.kernel.org/stable/c/2f65799e2a736d556d306440c4e1e8906736117a"}, {"url": "https://git.kernel.org/stable/c/9a6b60cb147d53968753a34805211d2e5e08c027"}], "title": "nilfs2: avoid having an active sc_timer before freeing sci", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: avoid having an active sc_timer before freeing sci\n\nBecause kthread_stop did not stop sc_task properly and returned -EINTR,\nthe sc_timer was not properly closed, ultimately causing the problem [1]\nreported by syzbot when freeing sci due to the sc_timer not being closed.\n\nBecause the thread sc_task main function nilfs_segctor_thread() returns 0\nwhen it succeeds, when the return value of kthread_stop() is not 0 in\nnilfs_segctor_destroy(), we believe that it has not properly closed\nsc_timer.\n\nWe use timer_shutdown_sync() to sync wait for sc_timer to shutdown, and\nset the value of sc_task to NULL under the protection of lock\nsc_state_lock, so as to avoid the issue caused by sc_timer not being\nproperly shutdowned.\n\n[1]\nODEBUG: free active (active state 0) object: 00000000dacb411a object type: timer_list hint: nilfs_construction_timeout\nCall trace:\n nilfs_segctor_destroy fs/nilfs2/segment.c:2811 [inline]\n nilfs_detach_log_writer+0x668/0x8cc fs/nilfs2/segment.c:2877\n nilfs_put_super+0x4c/0x12c fs/nilfs2/super.c:509"}], "id": "CVE-2025-68240", "lastModified": "2025-12-16T15:15:53.173", "metrics": {}, "published": "2025-12-16T15:15:53.173", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/2f65799e2a736d556d306440c4e1e8906736117a"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/36049e81dc7f077e0e24d5b9688a7458beacef8f"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/9a6b60cb147d53968753a34805211d2e5e08c027"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Received"}

{}

{}