Unrated severityNVD Advisory· Published Jan 5, 2026· Updated Apr 15, 2026

CVE-2025-68762

Description

In the Linux kernel, the following vulnerability has been resolved:

net: netpoll: initialize work queue before error checks

Prevent a kernel warning when netconsole setup fails on devices with IFF_DISABLE_NETPOLL flag. The warning (at kernel/workqueue.c:4242 in __flush_work) occurs because the cleanup path tries to cancel an uninitialized work queue.

When __netpoll_setup() encounters a device with IFF_DISABLE_NETPOLL, it fails early and calls skb_pool_flush() for cleanup. This function calls cancel_work_sync(&np->refill_wq), but refill_wq hasn't been initialized yet, triggering the warning.

Move INIT_WORK() to the beginning of __netpoll_setup(), ensuring the work queue is properly initialized before any potential failure points. This allows the cleanup path to safely cancel the work queue regardless of where the setup fails.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Linux kernel netpoll vulnerability: uninitialized work queue triggers warning on cleanup with IFF_DISABLE_NETPOLL; fix moves INIT_WORK before error checks.

In the Linux kernel, __netpoll_setup() initializes the work queue refill_wq only after performing error checks. When a device with the IFF_DISABLE_NETPOLL flag is encountered, the function fails early and calls skb_pool_flush() for cleanup. This function invokes cancel_work_sync(&np->refill_wq), but since the work queue was not initialized before the error check, an uninitialized work queue is accessed, triggering a kernel warning in __flush_work() [1].

The vulnerability is triggered during netconsole setup when a device has the IFF_DISABLE_NETPOLL flag. An attacker able to influence netconsole configuration or device flags could cause a kernel warning. The attack surface is limited to local users with sufficient privileges to configure netconsole or trigger device setup failures [1].

The impact is a kernel warning that can lead to system instability or denial of service, as warnings may cause system hangs or panic in certain configurations. An uninitialized work queue operation can also corrupt kernel memory, making this a potential security vulnerability [1].

The fix moves the INIT_WORK() call to the beginning of __netpoll_setup(), ensuring the work queue is properly initialized before any error checks. This allows the cleanup path to safely cancel the work queue regardless of where the setup fails. The patch is included in stable kernel updates [1].

References

Making sure you're not a bot!

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

Linux/Linux Kernel Rtllm-fuzzy

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000