CVE-2025-68768Deadlock in Linux

CWE-833Deadlock10 documents7 sources
Severity
6.4MEDIUM
No vector
EPSS
0.0%
top 92.35%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
LinuxLinux KernelDebian Linux+3 more
Timeline
PublishedJan 13
Latest updateApr 17

Description

In the Linux kernel, the following vulnerability has been resolved: inet: frags: flush pending skbs in fqdir_pre_exit() We have been seeing occasional deadlocks on pernet_ops_rwsem since September in NIPA. The stuck task was usually modprobe (often loading a driver like ipvlan), trying to take the lock as a Writer. lockdep does not track readers for rwsems so the read wasn't obvious from the reports. On closer inspection the Reader holding the lock was conntrack looping forever in nf_conntrac

Affected Packages7 packages

Linuxlinux/linux_kernel5.3.06.18.3
Debianlinux/linux_kernel< 6.18.3-1
CVEListV5linux/linuxd5dd88794a13c2f24cce31abad7a0a6c5e0ed2dbc70df25214ac9b32b53e18e6ae3b8f073ffa6903+2
debiandebian/linux< linux 6.18.3-1 (forky)

🔴Vulnerability Details

3
OSV
inet: frags: flush pending skbs in fqdir_pre_exit()2026-01-13
OSV
CVE-2025-68768: In the Linux kernel, the following vulnerability has been resolved: inet: frags: flush pending skbs in fqdir_pre_exit() We have been seeing occasional2026-01-13
GHSA
GHSA-6g94-rwcj-hwx9: In the Linux kernel, the following vulnerability has been resolved: inet: frags: flush pending skbs in fqdir_pre_exit() We have been seeing occasion2026-01-13

📋Vendor Advisories

5
Ubuntu
Linux kernel (GCP) vulnerabilities2026-04-17
Ubuntu
Linux kernel (Real-time) vulnerabilities2026-04-17
Ubuntu
Linux kernel vulnerabilities2026-04-16
Red Hat
kernel: inet: frags: flush pending skbs in fqdir_pre_exit()2026-01-13
Debian
CVE-2025-68768: linux - In the Linux kernel, the following vulnerability has been resolved: inet: frags...2025

🕵️Threat Intelligence

1
Wiz
CVE-2025-68768 Impact, Exploitability, and Mitigation Steps | Wiz