CVE-2025-68369
In the Linux kernel, the following vulnerability has been resolved:

ntfs3: init run lock for extend inode

After setting the inode mode of $Extend to a regular file, executing the truncate system call will enter the do_truncate() routine, causing the run_lock uninitialized error reported by syzbot.

Prior to patch 4e8011ffec79, if the inode mode of $Extend was not set to a regular file, the do_truncate() routine would not be entered.

Add the run_lock initialization when loading $Extend.

syzbot reported:
INFO: trying to register non-static key.
Call Trace:
 dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120
 assign_lock_key+0x133/0x150 kernel/locking/lockdep.c:984
 register_lock_class+0x105/0x320 kernel/locking/lockdep.c:1299
 __lock_acquire+0x99/0xd20 kernel/locking/lockdep.c:5112
 lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5868
 down_write+0x96/0x1f0 kernel/locking/rwsem.c:1590
 ntfs_set_size+0x140/0x200 fs/ntfs3/inode.c:860
 ntfs_extend+0x1d9/0x970 fs/ntfs3/file.c:387
 ntfs_setattr+0x2e8/0xbe0 fs/ntfs3/file.c:808
Affected versions
Linux kernel versions 5.15.197, 6.1.159, 6.6.117, 6.12.58, 6.17.8, 6.18 and later are affected.
Fixed in 5.15.198, 6.1.160, 6.6.120, 6.12.63, 6.17.13, 6.18.2, 6.19 and their respective stable series.
References
The following references provide additional information about CVE-2025-68369 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.
- Patch (kernel patch commit): https://git.kernel.org/stable/c/19164d8228317f3f1fe2662a9ba587cfe3b2d29e
- Patch (kernel patch commit): https://git.kernel.org/stable/c/433d1f7c628c3cbdd7efce064d6c7acd072cf6c4
- Patch (kernel patch commit): https://git.kernel.org/stable/c/6e17555728bc469d484c59db4a0abc65c19bc315
Frequently asked questions
- What is CVE-2025-68369?
CVE-2025-68369 is a Linux kernel vulnerability whose severity is unscored. It affects Linux kernel versions from 5.15.197 onward and has been patched in 5.15.198, 6.1.160, 6.6.120 and others. CVE-2025-68369 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
- Is there a patch available for CVE-2025-68369?
Yes, CVE-2025-68369 has been patched. Fixed versions include 5.15.198, 6.1.160, 6.6.120 and others. If you are running Linux kernel 5.15.197 or later up to the fix versions, apply the relevant patch for your kernel branch.
- Is CVE-2025-68369 actively exploited?
No, CVE-2025-68369 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.