CVE-2025-68299Race Condition within a Thread in Linux

CWE-366Race Condition within a Thread19 documents7 sources
Severity
7.2HIGHOSV
No vector
EPSS
0.1%
top 69.06%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedDec 16
Latest updateApr 6

Description

In the Linux kernel, the following vulnerability has been resolved: afs: Fix delayed allocation of a cell's anonymous key The allocation of a cell's anonymous key is done in a background thread along with other cell setup such as doing a DNS upcall. In the reported bug, this is triggered by afs_parse_source() parsing the device name given to mount() and calling afs_lookup_cell() with the name of the cell. The normal key lookup then tries to use the key description on the anonymous authenticat

Affected Packages5 packages

Linuxlinux/linux_kernel6.17.96.17.11
Debianlinux/linux_kernel< 6.17.11-1
Ubuntulinux/linux_kernel< 6.17.0-19.19
CVEListV5linux/linux7e33b15d5a6578a99ebf189cea34983270ae92dd5613bde937dfac6725e9c3fc766b9d6b8481e55b+2
debiandebian/linux< linux 6.17.11-1 (forky)

🔴Vulnerability Details

9
OSV
linux-oem-6.17 vulnerabilities2026-04-06
OSV
linux-raspi vulnerabilities2026-04-01
OSV
linux-azure, linux-azure-6.17 vulnerabilities2026-03-25
OSV
linux-realtime-6.17 vulnerabilities2026-03-23
OSV
linux-gcp-6.17, linux-realtime vulnerabilities2026-03-17

📋Vendor Advisories

8
Ubuntu
Linux kernel (OEM) vulnerabilities2026-04-06
Ubuntu
Linux kernel (Raspberry Pi) vulnerabilities2026-04-01
Ubuntu
Linux kernel (Azure) vulnerabilities2026-03-25
Ubuntu
Linux kernel (Real-time) vulnerabilities2026-03-23
Ubuntu
Linux kernel vulnerabilities2026-03-17

🕵️Threat Intelligence

1
Wiz
CVE-2025-68299 Impact, Exploitability, and Mitigation Steps | Wiz