Linux Kernel up to 6.17.7 netconsole update_userdata state issue
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 4.4 | $0-$5k | 0.00 |
Summary
A vulnerability was found in Linux Kernel up to 6.17.7 and classified as critical. This affects the function update_userdata of the component netconsole. Executing a manipulation can lead to state issue.
The identification of this vulnerability is CVE-2025-68319. There is no exploit available.
It is suggested to upgrade the affected component.
Details
A vulnerability classified as critical was found in Linux Kernel up to 6.17.7. This vulnerability affects the function update_userdata of the component netconsole. The manipulation with an unknown input leads to a state issue vulnerability. The CWE definition for the vulnerability is CWE-371. The impact remains unknown. CVE summarizes:
In the Linux kernel, the following vulnerability has been resolved: netconsole: Acquire su_mutex before navigating configs hierarchy There is a race between operations that iterate over the userdata cg_children list and concurrent add/remove of userdata items through configfs. The update_userdata() function iterates over the nt->userdata_group.cg_children list, and count_extradata_entries() also iterates over this same list to count nodes. Quoting from Documentation/filesystems/configfs.rst: > A subsystem can navigate the cg_children list and the ci_parent pointer > to see the tree created by the subsystem. This can race with configfs' > management of the hierarchy, so configfs uses the subsystem mutex to > protect modifications. Whenever a subsystem wants to navigate the > hierarchy, it must do so under the protection of the subsystem > mutex. Without proper locking, if a userdata item is added or removed concurrently while these functions are iterating, the list can be accessed in an inconsistent state. For example, the list_for_each() loop can reach a node that is being removed from the list by list_del_init() which sets the nodes' .next pointer to point to itself, so the loop will never end (or reach the WARN_ON_ONCE in update_userdata() ). Fix this by holding the configfs subsystem mutex (su_mutex) during all operations that iterate over cg_children. This includes: - userdatum_value_store() which calls update_userdata() to iterate over cg_children - All sysdata_*_enabled_store() functions which call count_extradata_entries() to iterate over cg_children The su_mutex must be acquired before dynamic_netconsole_mutex to avoid potential lock ordering issues, as configfs operations may already hold su_mutex when calling into our code.
The advisory is shared for download at git.kernel.org. This vulnerability was named CVE-2025-68319 since 12/16/2025. The exploitation appears to be difficult. There are known technical details, but no exploit is available. The current price for an exploit might be approx. USD $0-$5k (estimation calculated on 02/22/2026).
The vulnerability scanner Nessus provides a plugin with the ID 298897 (Ubuntu 25.10 : Linux kernel vulnerabilities (USN-8029-1)), which helps to determine the existence of the flaw in a target environment.
Upgrading to version 6.17.8 eliminates this vulnerability. Applying the patch ff70aa7e8cf05745fdba7258952a8bedf33ea336/d7d2fcf7ae31471b4e08b7e448b8fd0ec2e06a1b is able to eliminate this problem. The bugfix is ready for download at git.kernel.org. The best possible mitigation is suggested to be upgrading to the latest version.
The vulnerability is also documented in the databases at Tenable (298897) and CERT Bund (WID-SEC-2025-2868). Once again VulDB remains the best source for vulnerability data.
Affected
- Debian Linux
- Amazon Linux 2
- Red Hat Enterprise Linux
- Ubuntu Linux
- SUSE Linux
- Oracle Linux
- SUSE openSUSE
- RESF Rocky Linux
- Open Source Linux Kernel
Product
Type
Vendor
Name
Version
License
Website
- Vendor: https://www.kernel.org/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔒VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 4.6VulDB Meta Temp Score: 4.4
VulDB Base Score: 4.6
VulDB Temp Score: 4.4
VulDB Vector: 🔒
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔒
VulDB Temp Score: 🔒
VulDB Reliability: 🔍
Exploiting
Class: State issueCWE: CWE-371
CAPEC: 🔒
ATT&CK: 🔒
Physical: No
Local: No
Remote: Partially
Availability: 🔒
Status: Not defined
EPSS Score: 🔒
EPSS Percentile: 🔒
Price Prediction: 🔍
Current Price Estimation: 🔒
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 298897
Nessus Name: Ubuntu 25.10 : Linux kernel vulnerabilities (USN-8029-1)
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔒
Upgrade: Kernel 6.17.8
Patch: ff70aa7e8cf05745fdba7258952a8bedf33ea336/d7d2fcf7ae31471b4e08b7e448b8fd0ec2e06a1b
Timeline
12/16/2025 Advisory disclosed12/16/2025 CVE reserved
12/16/2025 VulDB entry created
02/22/2026 VulDB entry last update
Sources
Vendor: kernel.orgAdvisory: git.kernel.org
Status: Confirmed
CVE: CVE-2025-68319 (🔒)
GCVE (CVE): GCVE-0-2025-68319
GCVE (VulDB): GCVE-100-336844
CERT Bund: WID-SEC-2025-2868 - Linux Kernel: Mehrere Schwachstellen
Entry
Created: 12/16/2025 17:45Updated: 02/22/2026 09:11
Changes: 12/16/2025 17:45 (59), 02/15/2026 22:56 (2), 02/22/2026 09:11 (7)
Complete: 🔍
Cache ID: 216::103
Once again VulDB remains the best source for vulnerability data.
No comments yet. Languages: en.
Please log in to comment.