Bug 2424337 (CVE-2025-68336) - CVE-2025-68336 kernel: locking/spinlock/debug: Fix data-race in do_raw_write_lock
Summary: CVE-2025-68336 kernel: locking/spinlock/debug: Fix data-race in do_raw_write_...
Keywords:
Status: NEW
Alias: CVE-2025-68336
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2025-12-22 17:02 UTC by OSIDB Bzimport
Modified: 2025-12-22 19:02 UTC (History)
0 users

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)

Description OSIDB Bzimport 2025-12-22 17:02:00 UTC 
In the Linux kernel, the following vulnerability has been resolved:

locking/spinlock/debug: Fix data-race in do_raw_write_lock

KCSAN reports:

BUG: KCSAN: data-race in do_raw_write_lock / do_raw_write_lock

write (marked) to 0xffff800009cf504c of 4 bytes by task 1102 on cpu 1:
 do_raw_write_lock+0x120/0x204
 _raw_write_lock_irq
 do_exit
 call_usermodehelper_exec_async
 ret_from_fork

read to 0xffff800009cf504c of 4 bytes by task 1103 on cpu 0:
 do_raw_write_lock+0x88/0x204
 _raw_write_lock_irq
 do_exit
 call_usermodehelper_exec_async
 ret_from_fork

value changed: 0xffffffff -> 0x00000001

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 PID: 1103 Comm: kworker/u4:1 6.1.111

Commit 1a365e822372 ("locking/spinlock/debug: Fix various data races") has
adressed most of these races, but seems to be not consistent/not complete.

>From do_raw_write_lock() only debug_write_lock_after() part has been
converted to WRITE_ONCE(), but not debug_write_lock_before() part.
Do it now.
Comment 1 Keith Grant 2025-12-22 18:59:44 UTC 
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2025122220-CVE-2025-68336-0253@gregkh/T
Note You need to log in before you can comment on or make changes to this bug.