DEBIAN-CVE-2025-68336
In the Linux kernel, the following vulnerability has been resolved: locking/spinlock/debug: Fix data-race in do_raw_write_lock KCSAN reports: BUG: KCSAN: data-race in do_raw_write_lock / do_raw_write_lock write (marked) to 0xffff800009cf504c of 4 bytes by task 1102 on cpu 1: do_raw_write_lock+0x120/0x204 _raw_write_lock_irq do_exit call_usermodehelper_exec_async ret_from_fork read to 0xffff800009cf504c of 4 bytes by task 1103 on cpu 0: do_raw_write_lock+0x88/0x204 _raw_write_lock_irq do_exit call_usermodehelper_exec_async ret_from_fork value changed: 0xffffffff -> 0x00000001 Reported by Kernel Concurrency Sanitizer on: CPU: 0 PID: 1103 Comm: kworker/u4:1 6.1.111 Commit 1a365e822372 ("locking/spinlock/debug: Fix various data races") has adressed most of these races, but seems to be not consistent/not complete. >From do_raw_write_lock() only debug_write_lock_after() part has been converted to WRITE_ONCE(), but not debug_write_lock_before() part. Do it now.
Risk Scores
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:12 | linux | 6.1.106-2, 6.1.38-2~bpo11+1, 6.1.38-1 |
| Debian:13 | linux | 6.12.48-1, 6.12.63-1, 6.12.57-1 |
| Debian:11 | linux | 5.10.70-1, 0, 5.10.103-1 |
| Debian:11 | linux-6.1 | 6.1.112-1~deb11u1, 6.1.119-1~deb11u1, 6.1.128-1~deb11u1 |
| Debian:14 | linux | 6.12.43-1~bpo12+1, 6.12.43-1, 6.12.41-1 |
Timeline
- Dec 22, 2025 CVE Published
- Apr 28, 2026 CVE Updated