Linux Kernel nilfs2 Vulnerability in sc_timer Management
CVE-2025-68240
What is CVE-2025-68240?
The Linux kernel's nilfs2 component has a vulnerability related to the improper management of the sc_timer. Specifically, when the kthread_stop function fails to stop the sc_task properly, it leads to an unaddressed active sc_timer. As a result, when freeing the sci, the sc_timer is not closed, causing potential disruptions in system operations. The resolution employs timer_shutdown_sync to ensure that the sc_timer is correctly shut down, enhancing stability and security in system processes. This vulnerability underscores the importance of diligent timer management within kernel operations to prevent resource-related issues.
Affected Version(s)
Linux 3f66cc261ccb54a8e4d8d5aa51c389c19453b00c < 36049e81dc7f077e0e24d5b9688a7458beacef8f
Linux 3f66cc261ccb54a8e4d8d5aa51c389c19453b00c < 2f65799e2a736d556d306440c4e1e8906736117a
Linux 3f66cc261ccb54a8e4d8d5aa51c389c19453b00c < 9a6b60cb147d53968753a34805211d2e5e08c027