CVE-2025-68320
Description
In the Linux kernel, the following vulnerability has been resolved:
lan966x: Fix sleeping in atomic context
The following warning was seen when we try to connect using ssh to the device.
BUG: sleeping function called from invalid context at kernel/locking/mutex.c:575 in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 104, name: dropbear preempt_count: 1, expected: 0 INFO: lockdep is turned off. CPU: 0 UID: 0 PID: 104 Comm: dropbear Tainted: G W 6.18.0-rc2-00399-g6f1ab1b109b9-dirty #530 NONE Tainted: [W]=WARN Hardware name: Generic DT based system Call trace: unwind_backtrace from show_stack+0x10/0x14 show_stack from dump_stack_lvl+0x7c/0xac dump_stack_lvl from __might_resched+0x16c/0x2b0 __might_resched from __mutex_lock+0x64/0xd34 __mutex_lock from mutex_lock_nested+0x1c/0x24 mutex_lock_nested from lan966x_stats_get+0x5c/0x558 lan966x_stats_get from dev_get_stats+0x40/0x43c dev_get_stats from dev_seq_printf_stats+0x3c/0x184 dev_seq_printf_stats from dev_seq_show+0x10/0x30 dev_seq_show from seq_read_iter+0x350/0x4ec seq_read_iter from seq_read+0xfc/0x194 seq_read from proc_reg_read+0xac/0x100 proc_reg_read from vfs_read+0xb0/0x2b0 vfs_read from ksys_read+0x6c/0xec ksys_read from ret_fast_syscall+0x0/0x1c Exception stack(0xf0b11fa8 to 0xf0b11ff0) 1fa0: 00000001 00001000 00000008 be9048d8 00001000 00000001 1fc0: 00000001 00001000 00000008 00000003 be905920 0000001e 00000000 00000001 1fe0: 0005404c be9048c0 00018684 b6ec2cd8
It seems that we are using a mutex in a atomic context which is wrong. Change the mutex with a spinlock.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
In the Linux kernel, a mutex in lan966x_stats_get is called from atomic context, causing a sleeping-in-atomic bug; fix replaces mutex with spinlock.
Vulnerability
Details
The lan966x Ethernet switch driver in the Linux kernel uses a mutex (lan966x->stats_lock) inside the lan966x_stats_get function. However, this function can be invoked in atomic context — for example, when proc_reg_read triggers dev_seq_show, which ultimately calls dev_get_stats and then lan966x_stats_get. The kernel bug warning shows a call trace originating from dropbear reading procfs stats, with preempt_count: 1 indicating atomicity [1][2]. This violates the rule that sleeping functions (like mutex_lock) must not be used in atomic context.
Exploitation
Path
An attacker with local shell access on the affected device can trigger the bug by simply reading statistics through procfs (e.g., cat /proc/net/dev). No special privileges beyond initiating a procfs read are required — the bug manifests during normal operation when an SSH daemon (like dropbear) reads network interface stats. The attack surface is low; it does not require network-based exploitation but relies on local access to the system.
Impact
When the mutex is acquired in atomic context, the kernel throws a BUG: sleeping function called from invalid context warning and may cause a kernel panic or hang. This results in a denial-of-service (DoS) condition, potentially crashing the system or making it unresponsive. The attacker can achieve local denial of service without needing elevated permissions.
Mitigation
The fix replaces the mutex with a spinlock, which is safe to use in atomic context. The patches have been applied to the Linux kernel stable tree [1][2][3][4]. Users should update their kernel to a version containing the commit that replaces mutex_lock with spin_lock in lan966x_stats_get.
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
4News mentions
0No linked articles in our index yet.