Task Timeout Vulnerability in Linux Kernel MultiQ3 Driver
CVE-2025-68258

Currently unrated

Key Information:

Vendor

Linux
Status
Linux
Vendor
CVE Published:
16 December 2025

What is CVE-2025-68258?

In the Linux kernel, a vulnerability exists within the multiq3 driver, particularly in the multiq3_attach() function where improper handling of configuration options can lead to task timeouts. This issue occurs when maliciously crafted configurations, specifically relating to the number of channels for encoder subdevices, are processed. If excessive channels are designated, multiple calls to the multiq3_encoder_reset() function may cause tasks to block, resulting in significant delays and potential operational interruptions for affected devices. This vulnerability underlines the importance of sanitizing input configurations by imposing sensible limits, such as restricting the maximum number of encoder chips to four (with two channels each), thereby mitigating the risk of these timeout scenarios.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Linux 77e01cdbad5175f56027fd6fae00bd0fc175651a

Linux 77e01cdbad5175f56027fd6fae00bd0fc175651a < 4cde9a7e025cc09b88097c70606f6b30c22880f4

Linux 77e01cdbad5175f56027fd6fae00bd0fc175651a

References

https://git.kernel.org/stable/c/f9ff87aac7b37d462246c46d2...
https://git.kernel.org/stable/c/4cde9a7e025cc09b88097c706...
https://git.kernel.org/stable/c/ad7ed3c9c7b8408e8612697bc...

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.