CVE-2025-68807Missing Initialization of Resource in Linux

CWE-909Missing Initialization of Resource10 documents7 sources
Severity
6.4MEDIUM
No vector
EPSS
0.0%
top 92.35%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
LinuxLinux KernelDebian Linux+3 more
Timeline
PublishedJan 13
Latest updateApr 17

Description

In the Linux kernel, the following vulnerability has been resolved: block: fix race between wbt_enable_default and IO submission When wbt_enable_default() is moved out of queue freezing in elevator_change(), it can cause the wbt inflight counter to become negative (-1), leading to hung tasks in the writeback path. Tasks get stuck in wbt_wait() because the counter is in an inconsistent state. The issue occurs because wbt_enable_default() could race with IO submission, allowing the counter to b

Affected Packages7 packages

Linuxlinux/linux_kernel6.16.06.18.3
Debianlinux/linux_kernel< 6.18.3-1
CVEListV5linux/linux78c271344b6f64ce24c845e54903e09928cf2061f55201fb3becff6a903fd29f4d1147cc7e91eb0c+2
debiandebian/linux< linux 6.18.3-1 (forky)

🔴Vulnerability Details

3
GHSA
GHSA-89m4-pmw6-jxqj: In the Linux kernel, the following vulnerability has been resolved: block: fix race between wbt_enable_default and IO submission When wbt_enable_def2026-01-13
OSV
block: fix race between wbt_enable_default and IO submission2026-01-13
OSV
CVE-2025-68807: In the Linux kernel, the following vulnerability has been resolved: block: fix race between wbt_enable_default and IO submission When wbt_enable_defau2026-01-13

📋Vendor Advisories

5
Ubuntu
Linux kernel (GCP) vulnerabilities2026-04-17
Ubuntu
Linux kernel (Real-time) vulnerabilities2026-04-17
Ubuntu
Linux kernel vulnerabilities2026-04-16
Red Hat
kernel: block: fix race between wbt_enable_default and IO submission2026-01-13
Debian
CVE-2025-68807: linux - In the Linux kernel, the following vulnerability has been resolved: block: fix ...2025

🕵️Threat Intelligence

1
Wiz
CVE-2025-68807 Impact, Exploitability, and Mitigation Steps | Wiz