CVE-2025-68821 | fuse: fix readahead reclaim deadlock

In the Linux kernel, the following vulnerability has been resolved:

fuse: fix readahead reclaim deadlock

Commit e26ee4efbc79 ("fuse: allocate ff->release_args only if release is needed") skips allocating ff->release_args if the server does not implement open. However in doing so, fuse_prepare_release() now skips grabbing the reference on the inode, which makes it possible for an inode to be evicted from the dcache while there are inflight readahead requests. This causes a deadlock if the server triggers reclaim while servicing the readahead request and reclaim attempts to evict the inode of the file being read ahead. Since the folio is locked during readahead, when reclaim evicts the fuse inode and fuse_evict_inode() attempts to remove all folios associated with the inode from the page cache (truncate_inode_pages_range()), reclaim will block forever waiting for the lock since readahead cannot relinquish the lock because it is itself blocked in reclaim:

    >>> stack_trace(1504735)
    folio_wait_bit_common (mm/filemap.c:1308:4)
    folio_lock (./include/linux/pagemap.h:1052:3)
    truncate_inode_pages_range (mm/truncate.c:336:10)
    fuse_evict_inode (fs/fuse/inode.c:161:2)
    evict (fs/inode.c:704:3)
    dentry_unlink_inode (fs/dcache.c:412:3)
    __dentry_kill (fs/dcache.c:615:3)
    shrink_kill (fs/dcache.c:1060:12)
    shrink_dentry_list (fs/dcache.c:1087:3)
    prune_dcache_sb (fs/dcache.c:1168:2)
    super_cache_scan (fs/super.c:221:10)
    do_shrink_slab (mm/shrinker.c:435:9)
    shrink_slab (mm/shrinker.c:626:10)
    shrink_node (mm/vmscan.c:5951:2)
    shrink_zones (mm/vmscan.c:6195:3)
    do_try_to_free_pages (mm/vmscan.c:6257:3)
    do_swap_page (mm/memory.c:4136:11)
    handle_pte_fault (mm/memory.c:5562:10)
    handle_mm_fault (mm/memory.c:5870:9)
    do_user_addr_fault (arch/x86/mm/fault.c:1338:10)
    handle_page_fault (arch/x86/mm/fault.c:1481:3)
    exc_page_fault (arch/x86/mm/fault.c:1539:2)
    asm_exc_page_fault+0x22/0x27

Fix this deadlock by allocating ff->release_args and grabbing the reference on the inode when preparing the file for release even if the server does not implement open. The inode reference will be dropped when the last reference on the fuse file is dropped (see fuse_file_put() -> fuse_release_end()).
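
The circular wait described above, as an added userspace model that is not code from the kernel or from the fix itself. The struct, the function names and the `fixed` switch are illustrative assumptions; the model only tracks whether the inode is pinned and whether the folio is locked.

```c
#include <stdbool.h>
#include <stdio.h>

/* Simplified userspace model; every name here is illustrative, not kernel code. */
enum outcome { READ_COMPLETED, DEADLOCK };

struct model_inode {
    int  refcount;      /* references that pin the inode against eviction */
    bool folio_locked;  /* readahead keeps the folio locked while in flight */
};

/* Release preparation. The regression skipped the inode reference when the
 * server does not implement open; the fix takes it unconditionally. */
static void prepare_release(struct model_inode *ino, bool server_has_open, bool fixed)
{
    if (server_has_open || fixed)
        ino->refcount++;
}

/* Reclaim running in the server's context. Returns false when eviction would
 * wait on a folio lock that only the server's own reply can release. */
static bool reclaim(const struct model_inode *ino)
{
    if (ino->refcount > 0)
        return true;    /* pinned inode is skipped, reclaim returns */
    return !ino->folio_locked;
}

/* The file is released with a readahead request still in flight, then the
 * server hits memory pressure while servicing that request. */
enum outcome run_scenario(bool server_has_open, bool fixed)
{
    struct model_inode ino = { .refcount = 0, .folio_locked = true };

    prepare_release(&ino, server_has_open, fixed);
    if (!reclaim(&ino))
        return DEADLOCK;        /* no reply, so the folio is never unlocked */
    ino.folio_locked = false;   /* reply arrives, readahead unlocks the folio */
    if (ino.refcount > 0)
        ino.refcount--;         /* reference dropped with the last file reference */
    return READ_COMPLETED;
}

int main(void)
{
    printf("no open, before fix: %s\n",
           run_scenario(false, false) == DEADLOCK ? "deadlock" : "completed");
    printf("no open, after fix:  %s\n",
           run_scenario(false, true) == DEADLOCK ? "deadlock" : "completed");
    return 0;
}
```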

Published: 2026-01-13
Last update: 2026-06-17
Assigner: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Conclusion & alert: CVE-2025-68821 is rated Low Risk (7.1/100): low exploitation likelihood (EPSS 0.17%). Mandatory action: Low composite risk—no urgent action required; patch on your normal maintenance cycle and revisit priority if CVSS or EPSS increases.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Exploit prediction scoring system (EPSS) score for CVE-2025-68821

EPSS is a daily estimate of the relative likelihood of exploitation; the percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

# | Date | Old EPSS score | New EPSS score | Delta (New - Old)
1 | 2026-06-15 | 0.02% | 0.17% | +0.15%
2 | 2026-01-14 | | 0.02% |

Full EPSS history (2 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2025-68821

No CVSS data in dataset for this CVE.

Weakness enumeration for CVE-2025-68821

OS Trackers for CVE-2025-68821

Vendor | Priority | Summary | Link
debian | unimportant | CVE-2025-68821 unimportant priority: Debian including 2 source packages (linux, linux-6.1), 6 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 6. | https://security-tracker.debian.org/tracker/CVE-2025-68821
redhat | medium | | https://access.redhat.com/security/cve/CVE-2025-68821
suse | medium | CVE-2025-68821 severity moderate: SUSE including 109 source package names (13.2-9.1:libsqlite3-0-3.49.1-1.1, 2.1.3-6.31:libsqlite3-0-3.49.1-1.1, …), 407 product×package rows across 64 product lines (Container suse/sl-micro/6.0/baremetal-os-container, Container suse/sl-micro/6.0/base-os-container, … (64 product lines)): Known Not Affected 217, Fixed 165, First Fixed 25. | https://www.suse.com/security/cve/CVE-2025-68821/
ubuntu | medium | CVE-2025-68821 medium priority: Ubuntu including 157 source packages (linux, linux-allwinner-5.19, …), 1562 status rows across 10 suites (bionic, focal, jammy, noble, plucky, questing, resolute, trusty, upstream, xenial): DNE 1157, ignored 179, released 147, not-affected 65, pending 9, needed 5. | https://ubuntu.com/security/CVE-2025-68821

Affected software / configurations for CVE-2025-68821

Vendor | Product | Version | Raw CPE
linux | linux_kernel | >= 5.15.196, < 5.15.198 | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
linux | linux_kernel | >= 6.1.158, < 6.1.160 | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
linux | linux_kernel | >= 6.6.115, < 6.6.120 | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
linux | linux_kernel | >= 6.9, < 6.12.64 | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
linux | linux_kernel | >= 6.9, < 6.18.3 | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
linux | linux_kernel | >= 6.9, < 6.19 | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

References for CVE-2025-68821

cvelogic Threat Intelligence