ublk: fix deadlock when reading partition table

CVE	CVE-2025-68823
State	PUBLISHED
Assigner	Linux
Source Priority	CVE Program / NVD first with legacy fallback
Published	2026-01-13 16:16:04 UTC
Updated	2026-06-01 17:16:38 UTC
Description	In the Linux kernel, the following vulnerability has been resolved: ublk: fix deadlock when reading partition table When one process(such as udev) opens ublk block device (e.g., to read the partition table via bdev_open()), a deadlock[1] can occur: 1. bdev_open() grabs disk->open_mutex 2. The process issues read I/O to ublk backend to read partition table 3. In __ublk_complete_rq(), blk_update_request() or blk_mq_end_request() runs bio->bi_end_io() callbacks 4. If this triggers fput() on file descriptor of ublk block device, the work may be deferred to current task's task work (see fput() implementation) 5. This eventually calls blkdev_release() from the same context 6. blkdev_release() tries to grab disk->open_mutex again 7. Deadlock: same task waiting for a mutex it already holds The fix is to run blk_update_request() and blk_mq_end_request() with bottom halves disabled. This forces blkdev_release() to run in kernel work-queue context instead of current task work context, and allows ublk server to make forward progress, and avoids the deadlock. [axboe: rewrite comment in ublk]

Primary CVSS: v3.1 5.5 MEDIUM from [email protected]

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Problem Types: CWE-667

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Linux	Linux Kernel	All	All	All	All

Source	Vendor	Product	Version	Platforms
CNA	Linux	Linux	affected 71f28f3136aff5890cd56de78abc673f8393cad9 27bb79b7717b2fbb111a1c13548b2786ee712dca git	Not specified
CNA	Linux	Linux	affected 71f28f3136aff5890cd56de78abc673f8393cad9 64c0b7e2293757e8320f13434cd809f1c9257a62 git	Not specified
CNA	Linux	Linux	affected 71f28f3136aff5890cd56de78abc673f8393cad9 9bcc47343ee0ef346aa7b2b460c8ff56bd882fe7 git	Not specified
CNA	Linux	Linux	affected 71f28f3136aff5890cd56de78abc673f8393cad9 0460e09a614291f06c008443f47393c37b7358e7 git	Not specified
CNA	Linux	Linux	affected 71f28f3136aff5890cd56de78abc673f8393cad9 c258f5c4502c9667bccf5d76fa731ab9c96687c1 git	Not specified
CNA	Linux	Linux	affected 6.0	Not specified
CNA	Linux	Linux	unaffected 6.0 semver	Not specified
CNA	Linux	Linux	unaffected 6.1.175 6.1.* semver	Not specified
CNA	Linux	Linux	unaffected 6.6.124 6.6.* semver	Not specified
CNA	Linux	Linux	unaffected 6.12.70 6.12.* semver	Not specified
CNA	Linux	Linux	unaffected 6.18.3 6.18.* semver	Not specified
CNA	Linux	Linux	unaffected 6.19 * original_commit_for_fix	Not specified

Reference	Source	Link	Tags
git.kernel.org/stable/c/c258f5c4502c9667bccf5d76fa731ab9c96687c1	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org	Patch
git.kernel.org/stable/c/0460e09a614291f06c008443f47393c37b7358e7	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org	Patch
git.kernel.org/stable/c/9bcc47343ee0ef346aa7b2b460c8ff56bd882fe7	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org	Patch
git.kernel.org/stable/c/64c0b7e2293757e8320f13434cd809f1c9257a62	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org	Patch
git.kernel.org/stable/c/27bb79b7717b2fbb111a1c13548b2786ee712dca	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.