Deadlock Vulnerability in Linux Kernel NVMe Driver
CVE-2025-68756

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 5 January 2026

What is CVE-2025-68756?

A deadlock vulnerability exists in the Linux kernel's NVMe driver due to improper handling of tagsets when managing shared and unshared queues. The functions blk_mq_add_queue_tag_set() and blk_mq_del_queue_tag_set() attempt to quiesce queues while holding a mutex lock, leading to a situation where threads may indefinitely block each other. Specifically, this occurs when one thread tries to disable a controller while another is waiting to freeze queues, causing a standstill. The resolution involves updating these functions to utilize RCU (Read-Copy Update) for safer list operations during tag manipulation, eliminating the risk of deadlock.

Affected Version(s)

Linux 98d81f0df70ce6fc48517d938026e3c684b9051a < 3baeec23a82e7ee9691f434c6ab0ab1387326108

Linux 98d81f0df70ce6fc48517d938026e3c684b9051a < 6e8d363786765a81e35083e0909e076796468edf

Linux 98d81f0df70ce6fc48517d938026e3c684b9051a

References

https://git.kernel.org/stable/c/3baeec23a82e7ee9691f434c6...

https://git.kernel.org/stable/c/6e8d363786765a81e35083e09...

https://git.kernel.org/stable/c/ef0cd7b694928573f6569e61c...

Timeline

Vulnerability published
Jan 5, 2026
Vulnerability Reserved
Dec 24, 2025

JSON