CVE-2025-68320 in Linux
Summary
by MITRE • 12/16/2025
In the Linux kernel, the following vulnerability has been resolved:
lan966x: Fix sleeping in atomic context
The following warning was seen when we try to connect using ssh to the device.
BUG: sleeping function called from invalid context at kernel/locking/mutex.c:575
in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 104, name: dropbear
preempt_count: 1, expected: 0
INFO: lockdep is turned off.
CPU: 0 UID: 0 PID: 104 Comm: dropbear Tainted: G W 6.18.0-rc2-00399-g6f1ab1b109b9-dirty #530 NONE
Tainted: [W]=WARN
Hardware name: Generic DT based system
Call trace:
 unwind_backtrace from show_stack+0x10/0x14
 show_stack from dump_stack_lvl+0x7c/0xac
 dump_stack_lvl from __might_resched+0x16c/0x2b0
 __might_resched from __mutex_lock+0x64/0xd34
 __mutex_lock from mutex_lock_nested+0x1c/0x24
 mutex_lock_nested from lan966x_stats_get+0x5c/0x558
 lan966x_stats_get from dev_get_stats+0x40/0x43c
 dev_get_stats from dev_seq_printf_stats+0x3c/0x184
 dev_seq_printf_stats from dev_seq_show+0x10/0x30
 dev_seq_show from seq_read_iter+0x350/0x4ec
 seq_read_iter from seq_read+0xfc/0x194
 seq_read from proc_reg_read+0xac/0x100
 proc_reg_read from vfs_read+0xb0/0x2b0
 vfs_read from ksys_read+0x6c/0xec
 ksys_read from ret_fast_syscall+0x0/0x1c
Exception stack(0xf0b11fa8 to 0xf0b11ff0)
1fa0: 00000001 00001000 00000008 be9048d8 00001000 00000001
1fc0: 00000001 00001000 00000008 00000003 be905920 0000001e 00000000 00000001
1fe0: 0005404c be9048c0 00018684 b6ec2cd8
It seems that we are using a mutex in an atomic context which is wrong. Change the mutex with a spinlock.
Analysis
by VulDB Data Team • 02/22/2026
The vulnerability CVE-2025-68320 represents a critical concurrency issue within the Linux kernel's lan966x network driver implementation that violates fundamental kernel synchronization principles. This flaw manifests when attempting SSH connections to affected devices, triggering a kernel warning that indicates improper use of synchronization primitives in an atomic context. The kernel's locking subsystem detects this violation through its internal validation mechanisms, specifically at kernel/locking/mutex.c line 575, where it identifies that a sleeping function is being invoked from a context where sleeping is not permitted. The error trace reveals that the dropbear SSH daemon process with pid 104 attempts to acquire a mutex lock while in an atomic context, which is strictly prohibited in kernel space programming to prevent deadlocks and maintain system stability.
The technical root cause is the use of mutex locks in code paths that execute in atomic context: a mutex can block and sleep, while an atomic context must run to completion without yielding control. The kernel's internal state shows in_atomic() returning 1, indicating that the current execution context is atomic, yet the code attempts to acquire a mutex through mutex_lock_nested, which internally calls __mutex_lock, which can sleep. This directly violates the kernel's atomic context requirements and is classified under CWE-362 (concurrent execution using a shared resource with improper synchronization). The preempt_count value of 1 against an expected value of 0 further confirms the violation: the kernel expects preempt_count to be zero in non-atomic contexts but finds it non-zero, indicating that preemption has been disabled while the code still attempts to sleep.
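Added example (not part of the original advisory or the kernel patch): a Python triage helper that parses the warning quoted in the summary, reads the in_atomic()/preempt_count counters discussed above, and names the first caller outside the stack-dump and locking internals, which is the function that took the sleeping lock. It assumes the ARM "callee from caller" trace format shown on this page; the function names and the PLUMBING list are assumptions of this example, and the sample text is the page's own log with the call trace shortened.

```python
import re

# Warning from this page, one record per line as dmesg prints it (trace shortened).
SPLAT = """\
BUG: sleeping function called from invalid context at kernel/locking/mutex.c:575
in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 104, name: dropbear
preempt_count: 1, expected: 0
Call trace:
 unwind_backtrace from show_stack+0x10/0x14
 show_stack from dump_stack_lvl+0x7c/0xac
 dump_stack_lvl from __might_resched+0x16c/0x2b0
 __might_resched from __mutex_lock+0x64/0xd34
 __mutex_lock from mutex_lock_nested+0x1c/0x24
 mutex_lock_nested from lan966x_stats_get+0x5c/0x558
 lan966x_stats_get from dev_get_stats+0x40/0x43c
"""

HEADER = re.compile(r"BUG: sleeping function called from invalid context at (\S+):(\d+)")
FIELD = re.compile(r"(in_atomic\(\)|irqs_disabled\(\)|preempt_count|expected|pid): (\d+)")
# "callee from caller+0xoff/0xsize", with an optional dmesg timestamp in front.
FRAME = re.compile(r"^\s*(?:\[[\d. ]+\]\s*)?(\S+) from (\S+?)\+0x[0-9a-f]+/0x[0-9a-f]+\s*$")
# Stack-dump and locking internals that never identify the buggy caller (assumed list).
PLUMBING = re.compile(r"^(unwind_backtrace|show_stack|dump_stack\w*|__might_\w+|(__)?mutex_lock\w*)$")

def parse_splat(text):
    """Return a dict describing a sleep-in-atomic warning, or None if absent."""
    m = HEADER.search(text)
    if not m:
        return None
    info = {"check_site": f"{m.group(1)}:{m.group(2)}"}
    for key, val in FIELD.findall(text):
        info[key.rstrip("()")] = int(val)
    frames = [f.groups() for f in map(FRAME.match, text.splitlines()) if f]
    # Each frame reads "callee from caller"; the first non-plumbing caller took the lock.
    info["offender"] = next((c for _, c in frames if not PLUMBING.match(c)), None)
    # The caller in the frame whose callee is the offender shows how it was reached.
    info["reached_via"] = next((c for f, c in frames if f == info["offender"]), None)
    return info

def why_atomic(info):
    """List the conditions from the parsed counters that made sleeping illegal."""
    reasons = []
    if info.get("irqs_disabled"):
        reasons.append("interrupts disabled")
    if info.get("preempt_count", 0) != info.get("expected", 0):
        reasons.append("preempt_count %d != expected %d" % (info["preempt_count"], info["expected"]))
    return reasons
```

On the page's log this reports lan966x_stats_get as the function that took the lock, reached from dev_get_stats, with the non-zero preempt_count as the reason sleeping was not allowed.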
The operational impact of this vulnerability is severe as it can lead to system instability, potential kernel panics, and complete service disruption on devices running the affected kernel version. When SSH connections are attempted, the kernel warning becomes visible in system logs, indicating that the lan966x driver has entered an invalid execution state where a mutex lock operation attempts to sleep in an atomic context. This vulnerability affects devices using the lan966x network driver, particularly embedded systems and network appliances where SSH access is common. The issue is particularly dangerous because it can cause system crashes or unpredictable behavior during normal network operations, making the affected systems unreliable for production environments. According to the ATT&CK framework, this vulnerability could be leveraged in initial access or privilege escalation scenarios, as it represents a kernel-level weakness that could be exploited by malicious actors to gain deeper system control.
The mitigation strategy requires changing the mutex synchronization primitive to a spinlock, which is designed for atomic contexts and does not sleep or block during acquisition. This solution aligns with the kernel's design principles where spinlocks are appropriate for short critical sections in atomic contexts, while mutexes are reserved for contexts where sleeping is acceptable. The fix involves modifying the lan966x_stats_get function to replace mutex_lock_nested with spin_lock_irqsave or equivalent spinlock operations that are suitable for atomic execution contexts. This change ensures that the driver can properly handle concurrent access to statistics without violating kernel atomic context rules, thereby preventing the kernel warning and potential system instability. The implementation should follow kernel coding standards and maintain the same functional behavior while ensuring proper synchronization in all execution contexts, particularly those that may be invoked from interrupt handlers or other atomic contexts where sleeping operations are strictly prohibited.