CVE-2025-68261Time-of-check Time-of-use (TOCTOU) Race Condition in Linux

CWE-367Time-of-check Time-of-use (TOCTOU) Race Condition40 documents8 sources
Severity
7.8HIGHOSV
OSV7.2
No vector
EPSS
0.1%
top 79.04%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
14
LinuxLinux KernelDebian Linux+11 more
Timeline
PublishedDec 16
Latest updateApr 17

Description

In the Linux kernel, the following vulnerability has been resolved: ext4: add i_data_sem protection in ext4_destroy_inline_data_nolock() Fix a race between inline data destruction and block mapping. The function ext4_destroy_inline_data_nolock() changes the inode data layout by clearing EXT4_INODE_INLINE_DATA and setting EXT4_INODE_EXTENTS. At the same time, another thread may execute ext4_map_blocks(), which tests EXT4_INODE_EXTENTS to decide whether to call ext4_ext_map_blocks() or ext4_ind

Affected Packages16 packages

Linuxlinux/linux_kernel4.11.05.10.248+6
Debianlinux/linux_kernel< 5.10.249-1+3
Ubuntulinux/linux_kernel< 5.15.0-173.183+1

🔴Vulnerability Details

16
OSV
linux-oem-6.17 vulnerabilities2026-04-06
OSV
linux-raspi vulnerabilities2026-04-01
OSV
linux-raspi vulnerabilities2026-04-01
OSV
linux-azure, linux-azure-6.17 vulnerabilities2026-03-25
OSV
linux-intel-iot-realtime vulnerabilities2026-03-23

📋Vendor Advisories

22
Ubuntu
Linux kernel (FIPS) vulnerabilities2026-04-17
Ubuntu
Linux kernel (Real-time) vulnerabilities2026-04-17
Ubuntu
Linux kernel (NVIDIA) vulnerabilities2026-04-17
Ubuntu
Linux kernel vulnerabilities2026-04-16
Ubuntu
Linux kernel (Azure) vulnerabilities2026-04-13

🕵️Threat Intelligence

1
Wiz
CVE-2025-68261 Impact, Exploitability, and Mitigation Steps | Wiz
CVE-2025-68261 — Linux vulnerability | cvebase