CVE-2025-68168
Description
In the Linux kernel, the following vulnerability has been resolved:
jfs: fix uninitialized waitqueue in transaction manager
The transaction manager initialization in txInit() was not properly initializing TxBlock[0].waitor waitqueue, causing a crash when txEnd(0) is called on read-only filesystems.
When a filesystem is mounted read-only, txBegin() returns tid=0 to indicate no transaction. However, txEnd(0) still gets called and tries to access TxBlock[0].waitor via tid_to_tblock(0), but this waitqueue was never initialized because the initialization loop started at index 1 instead of 0.
This causes a 'non-static key' lockdep warning and system crash: INFO: trying to register non-static key in txEnd
Fix by ensuring all transaction blocks including TxBlock[0] have their waitqueues properly initialized during txInit().
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
In the Linux kernel's JFS filesystem, an uninitialized waitqueue in the transaction manager causes a system crash on non-static key crash on read-only mounts due to TxBlock[0] not being initialized.
Vulnerability
Details The JFS filesystem transaction manager in the Linux kernel had an initialization bug where txInit() failed to properly initialize the waitqueue for TxBlock[0]. The loop that initializes all transaction blocks skipped index 0, leaving the waitqueue at that index uninitialized [1].
Exploitation
This issue is triggered when a JFS filesystems mounted read-only. When such a filesystem is mounted, txBegin() returns tid=0 to indicate no transaction can start. However, txEnd(0) still gets called, and via tid_to_tblock(0), it accesses TxBlock[0].waitor, which was never initialized. This leads to a 'non-static key' lockdep warning and a system crash [2].
Impact
A local attacker with the ability to mount a JFS filesystem read-only can crash the system by simply triggering the mount and any subsequent I/O path. An attacker could also craft a malicious filesystem image that, when mounted read-only, triggers this path to cause a denial of service. The crash manifests as a kernel Oops or panic due to trying to register a invalid key state.
Mitigation
The fix is to ensure all transaction blocks including TxBlock[0] have their waitqueues properly initialized during txInit() [3]. The upstream kernel has been patched [4]. Users should apply the latest stable kernel update. There is no workaround available other than not using read-only JFS mounts.
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
8- git.kernel.org/stable/c/038861414ab383b41dd35abbf9ff0ef715592d53nvd
- git.kernel.org/stable/c/2a9575a372182ca075070b3cd77490dcf0c951e7nvd
- git.kernel.org/stable/c/300b072df72694ea330c4c673c035253e07827b8nvd
- git.kernel.org/stable/c/8cae9cf23e0bd424ac904e753639a587543ce03anvd
- git.kernel.org/stable/c/a2aa97cde9857f881920635a2e3d3b11769619c5nvd
- git.kernel.org/stable/c/cbf2f527ae4ca7c7dabce42e85e8deb58588a37envd
- git.kernel.org/stable/c/d2dd7ca05a11685c314e62802a55e8d67a90e974nvd
- git.kernel.org/stable/c/d6af7fce2e162ac68e85d3a11eb6ac8c35b24b64nvd
News mentions
0No linked articles in our index yet.