CVE-2025-68250
Description
In the Linux kernel, the following vulnerability has been resolved:
hung_task: fix warnings caused by unaligned lock pointers
The blocker tracking mechanism assumes that lock pointers are at least 4-byte aligned to use their lower bits for type encoding.
However, as reported by Eero Tamminen, some architectures like m68k only guarantee 2-byte alignment of 32-bit values. This breaks the assumption and causes two related WARN_ON_ONCE checks to trigger.
To fix this, the runtime checks are adjusted to silently ignore any lock that is not 4-byte aligned, effectively disabling the feature in such cases and avoiding the related warnings.
Thanks to Geert Uytterhoeven for bisecting!
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A Linux kernel hung_task blocker tracking fix prevents false-positive WARN_ON_ONCE on architectures (e.g., m68k) where lock pointers are only 2-byte aligned.
Root
Cause
The Linux kernel's hung_task blocker tracking mechanism uses the lower bits of lock pointers to encode type information, relying on the assumption that all lock pointers are at least 4-byte aligned. However, on architectures such as m68k, 32-bit values are only guaranteed to be 2-byte aligned, causing the assumption to fail. This leads to spurious WARN_ON_ONCE warnings when the kernel attempts to decode the type from a misaligned pointer [1].
Exploitation and
Impact
This is not exploitable for privilege escalation or code execution; it is a correctness issue that triggers kernel warnings. The warnings can flood system logs and potentially cause denial-of-service conditions if the system is configured to panic on WARN_ON_ONCE. No authentication or special privileges are required to trigger the condition—any code path that uses the blocker tracking with a misaligned lock pointer will hit the warning.
Mitigation
The fix, committed to the Linux kernel stable tree, adjusts the runtime checks to silently ignore any lock that is not 4-byte aligned. This effectively disables the blocker tracking feature on affected architectures, preventing the false warnings without impacting other functionality. The patch is included in the mainline kernel and should be backported to stable releases [1].
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2News mentions
0No linked articles in our index yet.