CVE-2025-68336

In the Linux kernel, the following vulnerability has been resolved:

locking/spinlock/debug: Fix data-race in do_raw_write_lock

KCSAN reports:

    BUG: KCSAN: data-race in do_raw_write_lock / do_raw_write_lock

    write (marked) to 0xffff800009cf504c of 4 bytes by task 1102 on cpu 1:
     do_raw_write_lock+0x120/0x204
     _raw_write_lock_irq
     do_exit
     call_usermodehelper_exec_async
     ret_from_fork

    read to 0xffff800009cf504c of 4 bytes by task 1103 on cpu 0:
     do_raw_write_lock+0x88/0x204
     _raw_write_lock_irq
     do_exit
     call_usermodehelper_exec_async
     ret_from_fork

    value changed: 0xffffffff -> 0x00000001

    Reported by Kernel Concurrency Sanitizer on:
    CPU: 0 PID: 1103 Comm: kworker/u4:1 6.1.111

Commit 1a365e822372 ("locking/spinlock/debug: Fix various data races") has addressed most of these races, but seems to be not consistent/not complete.

From do_raw_write_lock() only debug_write_lock_after() part has been converted to WRITE_ONCE(), but not debug_write_lock_before() part. Do it now.

Package Linux Kernel
Published 2025-12-22
Last modified 2026-04-15
Patch available Yes

Affected versions

Linux kernel versions 4.4.209, 4.9.209, 4.14.164, 4.19.95, 5.4.11, 5.5 and later are affected. Fixed in 5.10.248, 5.15.198, 6.1.160, 6.6.120, 6.12.62, 6.17.12, 6.18.1, 6.19 and their respective stable series.

Affected from: ≥ 4.4.209, ≥ 4.9.209, ≥ 4.14.164, ≥ 4.19.95, ≥ 5.4.11, ≥ 5.5
Fixed in: 5.10.248 (5.10.x), 5.15.198 (5.15.x), 6.1.160 (6.1.x), 6.6.120 (6.6.x), 6.12.62 (6.12.x), 6.17.12 (6.17.x), 6.18.1 (6.18.x), 6.19
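
A branch-aware check of a kernel release string against the version lists above, as an added example that is not part of the original advisory. It assumes each "≥ X.Y.Z" entry applies only within its own X.Y stable series; the function names and status labels are hypothetical.

```python
import re

# Version data copied from this page; the range interpretation is an assumption.
# "Affected from" entries, read as lower bounds inside their own stable series.
BACKPORT_START = {(4, 4): 209, (4, 9): 209, (4, 14): 164, (4, 19): 95, (5, 4): 11}
MAINLINE_START = (5, 5)   # every series from 5.5 on is listed as affected
# "Fixed in" entries: first fixed patch level per stable series.
FIXED_PATCH = {(5, 10): 248, (5, 15): 198, (6, 1): 160, (6, 6): 120,
               (6, 12): 62, (6, 17): 12, (6, 18): 1}
FIXED_MAINLINE = (6, 19)


def parse_release(release):
    """Turn a `uname -r` style string into (major, minor, patch)."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release)
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)


def classify(release):
    """Return (status, first_fixed_version_or_None) for CVE-2025-68336."""
    major, minor, patch = parse_release(release)
    series = (major, minor)
    if series >= FIXED_MAINLINE:
        return "fixed", None
    if series in BACKPORT_START:
        # Old stable series: affected from the listed patch level, no fix listed.
        affected = patch >= BACKPORT_START[series]
        return ("affected-no-fix-listed" if affected else "not-affected"), None
    if series < MAINLINE_START:
        return "not-affected", None
    if series in FIXED_PATCH:
        fix = FIXED_PATCH[series]
        if patch >= fix:
            return "fixed", None
        return "affected", f"{major}.{minor}.{fix}"
    # 5.5 or later, but the page lists no fixed release for this series.
    return "affected-no-fix-listed", None


if __name__ == "__main__":
    # Constructed sample releases; the first matches the KCSAN report above.
    for rel in ["6.1.111", "6.1.160-generic", "5.4.10", "5.4.300", "6.19.0"]:
        print(rel, classify(rel))
```

Distribution kernels often backport fixes without changing the upstream version number, so for a vendor kernel the vendor's advisory decides, not this comparison.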

References

The following references provide additional information about CVE-2025-68336 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Frequently asked questions

  • What is CVE-2025-68336?

    CVE-2025-68336 is a Linux kernel vulnerability with no severity score assigned. It affects Linux kernel versions from 4.4.209 onward and has been patched in 5.10.248, 5.15.198, 6.1.160 and others. CVE-2025-68336 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

  • Is there a patch available for CVE-2025-68336?

    Yes, CVE-2025-68336 has been patched. Fixed versions include 5.10.248, 5.15.198, 6.1.160 and others. If you are running Linux kernel 4.4.209 or later and have not yet reached the fixed version for your branch, apply the relevant patch for that kernel branch.

  • Is CVE-2025-68336 actively exploited?

    No — CVE-2025-68336 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.