PT-2025-51591 · Linux+3 · Linux Kernel+3

Published: 2025-09-23 · Updated: 2026-05-26 · CVE-2025-68178

CVSS v2.0: 4.6 (Medium)

Vector: AV:L/AC:L/Au:S/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 6.17.0-rc3

Description

A deadlock situation can occur during policy configuration within the block layer (blk-cgroup). This deadlock is triggered by a circular locking dependency, specifically involving locks related to queue usage and resource quotas. The root cause is that the queue usage counter is acquired while the rq_qos_mutex is held, leading to a potential race condition when the queue needs to be frozen from another context. The issue arises because blk_queue_enter() is used for policy deactivation protection, which is already handled by blkcg_mutex. The recommended fix involves replacing blk_queue_enter() with blkcg_mutex and modifying blkg_alloc() to use GFP_NOIO.

Recommendations

Update to a version newer than 6.17.0-rc3.

Exploit

Fix

Improper Resource Release

Weakness Enumeration

Related Identifiers

BDU:2026-01351
CVE-2025-68178
ECHO-EC3F-3C54-E9B9
MGASA-2026-0017
MGASA-2026-0018
OESA-2026-1303
OESA-2026-1304
OESA-2026-1305
OPENSUSE-SU-2026:20287-1
SUSE-SU-2026:0447-1
SUSE-SU-2026:0472-1
SUSE-SU-2026:0587-1
SUSE-SU-2026:20477-1
SUSE-SU-2026:20498-1
SUSE-SU-2026:20555-1
SUSE-SU-2026:20599-1
SUSE-SU-2026:20615-1
SUSE-SU-2026:20845-1
SUSE-SU-2026:20876-1
USN-8029-1
USN-8029-2
USN-8029-3
USN-8030-1
USN-8048-1
USN-8095-1
USN-8095-2
USN-8095-3
USN-8095-4
USN-8095-5
USN-8100-1
USN-8125-1
USN-8126-1
USN-8165-1
USN-8261-1

Affected Products

Debian
Linuxmint
Linux Kernel
Ubuntu