Linux Kernel CVE-2025-68336: Data Race in do_raw_write_lock (spinlock/debug)
CVE-2025-68336 Published on December 22, 2025
locking/spinlock/debug: Fix data-race in do_raw_write_lock
In the Linux kernel, the following vulnerability has been resolved:
locking/spinlock/debug: Fix data-race in do_raw_write_lock
KCSAN reports:
BUG: KCSAN: data-race in do_raw_write_lock / do_raw_write_lock
write (marked) to 0xffff800009cf504c of 4 bytes by task 1102 on cpu 1:
do_raw_write_lock+0x120/0x204
_raw_write_lock_irq
do_exit
call_usermodehelper_exec_async
ret_from_fork
read to 0xffff800009cf504c of 4 bytes by task 1103 on cpu 0:
do_raw_write_lock+0x88/0x204
_raw_write_lock_irq
do_exit
call_usermodehelper_exec_async
ret_from_fork
value changed: 0xffffffff -> 0x00000001
Reported by Kernel Concurrency Sanitizer on:
CPU: 0 PID: 1103 Comm: kworker/u4:1 6.1.111
Commit 1a365e822372 ("locking/spinlock/debug: Fix various data races") has
adressed most of these races, but seems to be not consistent/not complete.
>From do_raw_write_lock() only debug_write_lock_after() part has been
converted to WRITE_ONCE(), but not debug_write_lock_before() part.
Do it now.
Products Associated with CVE-2025-68336
stack.watch emails you whenever new vulnerabilities are published in Linux Kernel or Linux Kernel. Just hit a watch button to start following.
Affected Versions
Linux:- Version 1a365e822372ba24c9da0822bc583894f6f3d821 and below 8e5b2cf10844402054b52b489b525dc30cc16908 is affected.
- Version 1a365e822372ba24c9da0822bc583894f6f3d821 and below c228cb699a07a5f2d596d186bc5c314c99bb8bbf is affected.
- Version 1a365e822372ba24c9da0822bc583894f6f3d821 and below 93bd23524d63deb80fb85beb2e43fafeb1043d0f is affected.
- Version 1a365e822372ba24c9da0822bc583894f6f3d821 and below 39d2ef113416f1a4205b03fb0aa2e428d1412c77 is affected.
- Version 1a365e822372ba24c9da0822bc583894f6f3d821 and below b163a5e8c703201c905d6ec7920ed79d167e8442 is affected.
- Version 1a365e822372ba24c9da0822bc583894f6f3d821 and below 16b3590c0e1e615757dade098c8fbc0d4f040c76 is affected.
- Version 1a365e822372ba24c9da0822bc583894f6f3d821 and below 396a9270a7b90886be501611b13aa636f2e8c703 is affected.
- Version 1a365e822372ba24c9da0822bc583894f6f3d821 and below c14ecb555c3ee80eeb030a4e46d00e679537f03a is affected.
- Version 3106fb78d3579c8e9c9b3040f7f7841981919624 is affected.
- Version c0911024ff927ba5c4786b507004cb615be1d776 is affected.
- Version 09226e5c38639437565af01e6009a9286a351d04 is affected.
- Version c7673f01604fa722b9d7c1e29e17cec1b8ae09c5 is affected.
- Version c120c3dbeb76305235c8e557f84d9e2d7d0f5933 is affected.
- Version 5.5 is affected.
- Before 5.5 is unaffected.
- Version 5.10.248, <= 5.10.* is unaffected.
- Version 5.15.198, <= 5.15.* is unaffected.
- Version 6.1.160, <= 6.1.* is unaffected.
- Version 6.6.120, <= 6.6.* is unaffected.
- Version 6.12.62, <= 6.12.* is unaffected.
- Version 6.17.12, <= 6.17.* is unaffected.
- Version 6.18.1, <= 6.18.* is unaffected.
- Version 6.19, <= * is unaffected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.