CVE-2025-68173
Description
In the Linux kernel, the following vulnerability has been resolved:
ftrace: Fix softlockup in ftrace_module_enable
A soft lockup was observed when loading amdgpu module. If a module has a lot of tracable functions, multiple calls to kallsyms_lookup can spend too much time in RCU critical section and with disabled preemption, causing kernel panic. This is the same issue that was fixed in commit d0b24b4e91fc ("ftrace: Prevent RCU stall on PREEMPT_VOLUNTARY kernels") and commit 42ea22e754ba ("ftrace: Add cond_resched() to ftrace_graph_set_hash()").
Fix it the same way by adding cond_resched() in ftrace_module_enable.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A soft lockup in ftrace_module_enable during module loading with many traceable functions is fixed by adding cond_resched().
Vulnerability
A soft lockup (RCU stall) can occur in the Linux kernel's ftrace subsystem ftrace when loading a module that contains a large number of traceable functions. The root cause is that the function ftrace_module_enable iterates over all traceable functions in the module and, for each one, calls kallsyms_lookup while holding an RCU read lock and with preemption disabled. This can consume excessive CPU time, triggering a kernel panic on systems with voluntary preemption models.
Exploitation
No special privileges or network access are required to trigger this condition; it is a denial-of-service scenario that arises naturally during normal system administration when a large module (e.g., the amdgpu graphics driver) is loaded. The bug is a logic error in the kernel's tracing infrastructure, not a memory corruption or privilege escalation.
ImpactAn attacker who can cause a large module to be loaded (e.g., by inserting a USB device that triggers module autoloading) can induce a soft lockup, leading to a system hang or crash. This is a denial-of-service vulnerability affects the availability of the system.
MitigationThe fix adds a
cond_resched() call inside the loop in ftrace_module_enable, allowing the scheduler to preempt the task and avoid the RCU stall. This mirrors the same approach used in previous fixes for similar issues in ftrace (commits d0b24b4e91fc and 42ea22e754ba). The patch has been applied to the stable kernel tree [1][2].
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
5- git.kernel.org/stable/c/4099b98203d6b33d990586542fa5beee408032a3nvd
- git.kernel.org/stable/c/40c8ee40e48a2c82c762539952ed8fc0571db5bfnvd
- git.kernel.org/stable/c/7e3c96010ade29bb340a5bdce8675f50c7f59001nvd
- git.kernel.org/stable/c/a1dd0abd741a8111260676da729825d6c1461a71nvd
- git.kernel.org/stable/c/e81e6d6d99b16dae11adbeda5c996317942a940cnvd
News mentions
0No linked articles in our index yet.