CVE-2025-68821

EUVD-2026-2272
In the Linux kernel, the following vulnerability has been resolved:

fuse: fix readahead reclaim deadlock

Commit e26ee4efbc79 ("fuse: allocate ff->release_args only if release is
needed") skips allocating ff->release_args if the server does not
implement open. However in doing so, fuse_prepare_release() now skips
grabbing the reference on the inode, which makes it possible for an
inode to be evicted from the dcache while there are inflight readahead
requests. This causes a deadlock if the server triggers reclaim while
servicing the readahead request and reclaim attempts to evict the inode
of the file being read ahead. Since the folio is locked during
readahead, when reclaim evicts the fuse inode and fuse_evict_inode()
attempts to remove all folios associated with the inode from the page
cache (truncate_inode_pages_range()), reclaim will block forever waiting
for the lock since readahead cannot relinquish the lock because it is
itself blocked in reclaim:

>>> stack_trace(1504735)
 folio_wait_bit_common (mm/filemap.c:1308:4)
 folio_lock (./include/linux/pagemap.h:1052:3)
 truncate_inode_pages_range (mm/truncate.c:336:10)
 fuse_evict_inode (fs/fuse/inode.c:161:2)
 evict (fs/inode.c:704:3)
 dentry_unlink_inode (fs/dcache.c:412:3)
 __dentry_kill (fs/dcache.c:615:3)
 shrink_kill (fs/dcache.c:1060:12)
 shrink_dentry_list (fs/dcache.c:1087:3)
 prune_dcache_sb (fs/dcache.c:1168:2)
 super_cache_scan (fs/super.c:221:10)
 do_shrink_slab (mm/shrinker.c:435:9)
 shrink_slab (mm/shrinker.c:626:10)
 shrink_node (mm/vmscan.c:5951:2)
 shrink_zones (mm/vmscan.c:6195:3)
 do_try_to_free_pages (mm/vmscan.c:6257:3)
 do_swap_page (mm/memory.c:4136:11)
 handle_pte_fault (mm/memory.c:5562:10)
 handle_mm_fault (mm/memory.c:5870:9)
 do_user_addr_fault (arch/x86/mm/fault.c:1338:10)
 handle_page_fault (arch/x86/mm/fault.c:1481:3)
 exc_page_fault (arch/x86/mm/fault.c:1539:2)
 asm_exc_page_fault+0x22/0x27

Fix this deadlock by allocating ff->release_args and grabbing the
reference on the inode when preparing the file for release even if the
server does not implement open. The inode reference will be dropped when
the last reference on the fuse file is dropped (see fuse_file_put() ->
fuse_release_end()).
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
UNKNOWN
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 6%
Debian logo
Debian Releases
Debian Product
Codename
linux
bookworm
6.1.170-3
fixed
bookworm (security)
6.1.176-1
fixed
bullseye
5.10.223-1
fixed
bullseye (security)
5.10.259-1
fixed
forky
7.0.13-1
fixed
sid
7.1.3-1
fixed
trixie
6.12.86-1
fixed
trixie (security)
6.12.95-1
fixed
linux-6.1
bullseye (security)
6.1.176-1~deb11u1
fixed
Amazon Linux logo
Amazon Linux Releases
Amazon Package
Release
bpftool
Amazon Linux 2023
1:6.1.161-183.298.amzn2023
fixed
bpftool-debuginfo
Amazon Linux 2023
1:6.1.161-183.298.amzn2023
fixed
bpftool6.12
Amazon Linux 2023
1:6.12.64-87.122.amzn2023
fixed
bpftool6.12-debuginfo
Amazon Linux 2023
1:6.12.64-87.122.amzn2023
fixed
kernel
Amazon Linux 2023
1:6.1.161-183.298.amzn2023
fixed
kernel-debuginfo
Amazon Linux 2023
1:6.1.161-183.298.amzn2023
fixed
kernel-debuginfo-common-aarch64
Amazon Linux 2023
1:6.1.161-183.298.amzn2023
fixed
kernel-debuginfo-common-x86_64
Amazon Linux 2023
1:6.1.161-183.298.amzn2023
fixed
kernel-devel
Amazon Linux 2023
1:6.1.161-183.298.amzn2023
fixed
kernel-headers
Amazon Linux 2023
1:6.1.161-183.298.amzn2023
fixed
kernel-libbpf
Amazon Linux 2023
1:6.1.161-183.298.amzn2023
fixed
kernel-libbpf-debuginfo
Amazon Linux 2023
1:6.1.161-183.298.amzn2023
fixed
kernel-libbpf-devel
Amazon Linux 2023
1:6.1.161-183.298.amzn2023
fixed
kernel-libbpf-static
Amazon Linux 2023
1:6.1.161-183.298.amzn2023
fixed
kernel-livepatch-6.1.161-183.298
Amazon Linux 2023
1:1.0-0.amzn2023
fixed
kernel-livepatch-6.12.64-87.122
Amazon Linux 2023
1:1.0-0.amzn2023
fixed
kernel-modules-extra
Amazon Linux 2023
1:6.1.161-183.298.amzn2023
fixed
kernel-modules-extra-common
Amazon Linux 2023
1:6.1.161-183.298.amzn2023
fixed
kernel-tools
Amazon Linux 2023
1:6.1.161-183.298.amzn2023
fixed
kernel-tools-debuginfo
Amazon Linux 2023
1:6.1.161-183.298.amzn2023
fixed
kernel-tools-devel
Amazon Linux 2023
1:6.1.161-183.298.amzn2023
fixed
kernel6.12
Amazon Linux 2023
1:6.12.64-87.122.amzn2023
fixed
kernel6.12-debuginfo
Amazon Linux 2023
1:6.12.64-87.122.amzn2023
fixed
kernel6.12-debuginfo-common-aarch64
Amazon Linux 2023
1:6.12.64-87.122.amzn2023
fixed
kernel6.12-debuginfo-common-x86_64
Amazon Linux 2023
1:6.12.64-87.122.amzn2023
fixed
kernel6.12-devel
Amazon Linux 2023
1:6.12.64-87.122.amzn2023
fixed
kernel6.12-headers
Amazon Linux 2023
1:6.12.64-87.122.amzn2023
fixed
kernel6.12-libbpf
Amazon Linux 2023
1:6.12.64-87.122.amzn2023
fixed
kernel6.12-libbpf-debuginfo
Amazon Linux 2023
1:6.12.64-87.122.amzn2023
fixed
kernel6.12-libbpf-devel
Amazon Linux 2023
1:6.12.64-87.122.amzn2023
fixed
kernel6.12-libbpf-static
Amazon Linux 2023
1:6.12.64-87.122.amzn2023
fixed
kernel6.12-modules-extra
Amazon Linux 2023
1:6.12.64-87.122.amzn2023
fixed
kernel6.12-modules-extra-common
Amazon Linux 2023
1:6.12.64-87.122.amzn2023
fixed
kernel6.12-tools
Amazon Linux 2023
1:6.12.64-87.122.amzn2023
fixed
kernel6.12-tools-debuginfo
Amazon Linux 2023
1:6.12.64-87.122.amzn2023
fixed
kernel6.12-tools-devel
Amazon Linux 2023
1:6.12.64-87.122.amzn2023
fixed
perf
Amazon Linux 2023
1:6.1.161-183.298.amzn2023
fixed
perf-debuginfo
Amazon Linux 2023
1:6.1.161-183.298.amzn2023
fixed
perf6.12
Amazon Linux 2023
1:6.12.64-87.122.amzn2023
fixed
perf6.12-debuginfo
Amazon Linux 2023
1:6.12.64-87.122.amzn2023
fixed
python3-perf
Amazon Linux 2023
1:6.1.161-183.298.amzn2023
fixed
python3-perf-debuginfo
Amazon Linux 2023
1:6.1.161-183.298.amzn2023
fixed
python3-perf6.12
Amazon Linux 2023
1:6.12.64-87.122.amzn2023
fixed
python3-perf6.12-debuginfo
Amazon Linux 2023
1:6.12.64-87.122.amzn2023
fixed