What is CVE-2025-68214?

CVE-2025-68214 is a Medium severity Linux kernel vulnerability with a CVSS score of 4.7 out of 10, classified as a Race Condition flaw (CWE-362), affecting Linux kernel versions from 6.1.158 onward and patched in 6.1.159, 6.6.118, 6.12.60 and others. CVE-2025-68214 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is the CVSS score for CVE-2025-68214?

CVE-2025-68214 has a CVSS score of 4.7 out of 10, rated Medium severity. The vector string is CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H.

Is there a patch available for CVE-2025-68214?

Yes, CVE-2025-68214 has been patched. Fixed versions include 6.1.159, 6.6.118, 6.12.60 and others. If you are running Linux kernel 6.1.158 or later up to the fix versions, apply the relevant patch for your kernel branch.

Is CVE-2025-68214 actively exploited?

CVE-2025-68214 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is Race Condition (CWE-362)?

The product contains a code sequence that can run concurrently with other code, creating unexpected states. See MITRE CWE for full details: https://cwe.mitre.org/data/definitions/362.html

CVE-2025-68214

Medium

In the Linux kernel, the following vulnerability has been resolved: timers: Fix NULL function pointer race in timer_shutdown_sync() There is a race condition between timer_shutdown_sync() and timer expiration that can lead to hitting a WARN_ON in expire_timers(). The issue occurs when timer_shutdown_sync() clears the timer function to NULL while the timer is still running on another CPU. The race scenario looks like this: CPU0 CPU1 <SOFTIRQ> lock_timer_base() expire_timers() base->running_timer = timer; unlock_timer_base() [call_timer_fn enter] mod_timer() ... timer_shutdown_sync() lock_timer_base() // For now, will not detach the timer but only clear its function to NULL if (base->running_timer != timer) ret = detach_if_pending(timer, base, true); if (shutdown) timer->function = NULL; unlock_timer_base() [call_timer_fn exit] lock_timer_base() base->running_timer = NULL; unlock_timer_base() ... // Now timer is pending while its function set to NULL. // next timer trigger <SOFTIRQ> expire_timers() WARN_ON_ONCE(!fn) // hit ... lock_timer_base() // Now timer will detach if (base->running_timer != timer) ret = detach_if_pending(timer, base, true); if (shutdown) timer->function = NULL; unlock_timer_base() The problem is that timer_shutdown_sync() clears the timer function regardless of whether the timer is currently running. This can leave a pending timer with a NULL function pointer, which triggers the WARN_ON_ONCE(!fn) check in expire_timers(). Fix this by only clearing the timer function when actually detaching the timer. If the timer is running, leave the function pointer intact, which is safe because the timer will be properly detached when it finishes running.

Package Linux Kernel

Published 2025-12-16

Last modified 2026-02-26

CVSS version 3.1

Patch available

Yes

CVSS 3.1 score

4.7

out of 10

Medium

Attack Vector

Local

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

High

Vector string

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Weakness type

CWE-362

CVE-2025-68214 is a Race Condition vulnerability

What is Race Condition?

The product contains a code sequence that can run concurrently with other code, creating unexpected states. Learn more on MITRE CWE

Affected versions

Linux kernel versions 6.1.158, 6.2 and later are affected. Fixed in 6.1.159, 6.6.118, 6.12.60, 6.17.10, 6.18 and their respective stable series.

Affected from

≥ 6.1.158 ≥ 6.2

Fixed in

✓ 6.1.159 6.1.x ✓ 6.6.118 6.6.x ✓ 6.12.60 6.12.x ✓ 6.17.10 6.17.x ✓ 6.18

References

The following references provide additional information about CVE-2025-68214 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Kernel patch commit
https://git.kernel.org/stable/c/176725f4848376530a0f0da9023f956afcc33585
Patch
Kernel patch commit
https://git.kernel.org/stable/c/1a975716cc8977f461e45e28e3e5977d46ad7a6a
Patch
Kernel patch commit
https://git.kernel.org/stable/c/20739af07383e6eb1ec59dcd70b72ebfa9ac362c
Patch

6 patch commits total View all on NVD

Details

CVE ID CVE-2025-68214

Severity Medium

CVSS score 4.7 / 10

CVSS version 3.1

Published 2025-12-16

Modified 2026-02-26

KEV No

Patch

Yes

Package linux

Frequently asked questions

What is CVE-2025-68214?

CVE-2025-68214 is a Medium severity Linux kernel vulnerability with a CVSS score of 4.7 out of 10 , classified as a Race Condition flaw (CWE-362) . It affects Linux kernel versions from 6.1.158 onward and has been patched in 6.1.159, 6.6.118, 6.12.60 and others. CVE-2025-68214 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
What is the CVSS score for CVE-2025-68214?

CVE-2025-68214 has a CVSS score of 4.7 out of 10, rated Medium severity (CVSS 3.1). The vector string is CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H.
Is there a patch available for CVE-2025-68214?

Yes — CVE-2025-68214 has been patched. Fixed versions include 6.1.159, 6.6.118, 6.12.60 and others. If you are running Linux kernel 6.1.158 or later up to the fix versions, apply the relevant patch for your kernel branch.
Is CVE-2025-68214 actively exploited?

No — CVE-2025-68214 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.
What is Race Condition (CWE-362)?

The product contains a code sequence that can run concurrently with other code, creating unexpected states. View CWE-362 on MITRE CWE →