PT-2025-52755 · Linux+3 · Linux Kernel+3

Published

2025-12-23

·

Updated

2026-05-07

·

CVE-2025-68339

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description The Linux kernel contains a data race condition within the fore200e open() function, specifically related to the fore200e->available cell rate resource. This resource is shared across multiple Virtual Channel Connections (VCCs) and is accessed concurrently by functions like fore200e open(), fore200e close(), and fore200e change qos(). The issue arises when fore200e activate vcin() fails during the open process, leading to a restoration of reserved bandwidth to available cell rate without proper lock protection. This allows a read-modify-write race to occur, potentially resulting in incorrect bandwidth accounting. The rate mtx lock is not consistently held during operations on fore200e->available cell rate, creating a vulnerability in the error handling path of fore200e open().
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Related Identifiers

AZL-72980
CVE-2025-68339
ECHO-8986-DED1-8404
MGASA-2026-0017
MGASA-2026-0018
OPENSUSE-SU-2026:20145-1
SUSE-SU-2026:0278-1
SUSE-SU-2026:0281-1
SUSE-SU-2026:0293-1
SUSE-SU-2026:0315-1
SUSE-SU-2026:20207-1
SUSE-SU-2026:20220-1
SUSE-SU-2026:20228-1
SUSE-SU-2026:20477-1
SUSE-SU-2026:20498-1
SUSE-SU-2026:20845-1
SUSE-SU-2026:20876-1
USN-8094-1
USN-8094-2
USN-8094-3
USN-8094-4
USN-8094-5
USN-8095-1
USN-8095-2
USN-8095-3
USN-8095-4
USN-8095-5
USN-8096-1
USN-8096-2
USN-8096-3
USN-8096-4
USN-8096-5
USN-8100-1
USN-8116-1
USN-8125-1
USN-8126-1
USN-8141-1
USN-8152-1
USN-8163-1
USN-8163-2
USN-8165-1
USN-8243-1
USN-8261-1

Affected Products

Debian
Linuxmint
Linux Kernel
Ubuntu