CVE-2025-68319

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A race condition exists within the netconsole component of the Linux kernel when iterating over the cg children list in conjunction with concurrent additions or removals of userdata items through configfs. Specifically, functions like update userdata() and count extradata entries() iterate over this list without proper locking, potentially leading to an inconsistent state if a userdata item is added or removed during iteration. This can cause the iteration loop to become infinite or trigger a warning. The issue arises from a lack of protection when navigating the hierarchy, as configfs uses a subsystem mutex to protect modifications. The fix involves acquiring the configfs subsystem mutex (su mutex) before any operations that iterate over cg children. This includes functions such as userdatum value store(), sysdata * enabled store(), and others that call the affected functions. The su mutex must be acquired before dynamic netconsole mutex to prevent lock ordering issues.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.