Improper locking in Linux kernel - CVE-2025-68310
Published: December 16, 2025
Vulnerability identifier: #VU120074
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2025-68310
CWE-ID: CWE-667
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the zpci_event_attempt_error_recovery() function in arch/s390/pci/pci_event.c. A local user can perform a denial of service (DoS) attack.
How to mitigate CVE-2025-68310
Install update from vendor's repository.
Sources
- https://git.kernel.org/stable/c/0fd20f65df6aa430454a0deed8f43efa91c54835
- https://git.kernel.org/stable/c/3591d56ea9bfd3e7fbbe70f749bdeed689d415f9
- https://git.kernel.org/stable/c/54f938d9f5693af8ed586a08db4af5d9da1f0f2d
- https://git.kernel.org/stable/c/b63c061be622b17b495cbf78a6d5f2d4c3147f8e
- https://git.kernel.org/stable/c/d0df2503bc3c2be385ca2fd96585daad1870c7c5