{"id":"CVE-2025-68240","summary":"nilfs2: avoid having an active sc_timer before freeing sci","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: avoid having an active sc_timer before freeing sci\n\nBecause kthread_stop did not stop sc_task properly and returned -EINTR,\nthe sc_timer was not properly closed, ultimately causing the problem [1]\nreported by syzbot when freeing sci due to the sc_timer not being closed.\n\nBecause the thread sc_task main function nilfs_segctor_thread() returns 0\nwhen it succeeds, when the return value of kthread_stop() is not 0 in\nnilfs_segctor_destroy(), we believe that it has not properly closed\nsc_timer.\n\nWe use timer_shutdown_sync() to sync wait for sc_timer to shutdown, and\nset the value of sc_task to NULL under the protection of lock\nsc_state_lock, so as to avoid the issue caused by sc_timer not being\nproperly shutdowned.\n\n[1]\nODEBUG: free active (active state 0) object: 00000000dacb411a object type: timer_list hint: nilfs_construction_timeout\nCall trace:\n nilfs_segctor_destroy fs/nilfs2/segment.c:2811 [inline]\n nilfs_detach_log_writer+0x668/0x8cc fs/nilfs2/segment.c:2877\n nilfs_put_super+0x4c/0x12c fs/nilfs2/super.c:509","modified":"2026-03-20T12:46:18.569362Z","published":"2025-12-16T14:21:17.710Z","database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/68xxx/CVE-2025-68240.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/2f65799e2a736d556d306440c4e1e8906736117a"},{"type":"WEB","url":"https://git.kernel.org/stable/c/36049e81dc7f077e0e24d5b9688a7458beacef8f"},{"type":"WEB","url":"https://git.kernel.org/stable/c/9a6b60cb147d53968753a34805211d2e5e08c027"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/68xxx/CVE-2025-68240.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-68240"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"3f66cc261ccb54a8e4d8d5aa51c389c19453b00c"},{"fixed":"36049e81dc7f077e0e24d5b9688a7458beacef8f"},{"fixed":"2f65799e2a736d556d306440c4e1e8906736117a"},{"fixed":"9a6b60cb147d53968753a34805211d2e5e08c027"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-68240.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"6.12.0"},{"fixed":"6.12.59"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.13.0"},{"fixed":"6.17.9"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-68240.json"}}],"schema_version":"1.7.5"}