CVE-2025-68262

EPSS 0.02%
Veröffentlicht 16.12.2025 14:45:04
Zuletzt bearbeitet 18.12.2025 15:08:06
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

crypto: zstd - fix double-free in per-CPU stream cleanup

The crypto/zstd module has a double-free bug that occurs when multiple
tfms are allocated and freed.

The issue happens because zstd_streams (per-CPU contexts) are freed in
zstd_exit() during every tfm destruction, rather than being managed at
the module level.  When multiple tfms exist, each tfm exit attempts to
free the same shared per-CPU streams, resulting in a double-free.

This leads to a stack trace similar to:

  BUG: Bad page state in process kworker/u16:1  pfn:106fd93
  page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106fd93
  flags: 0x17ffffc0000000(node=0|zone=2|lastcpupid=0x1fffff)
  page_type: 0xffffffff()
  raw: 0017ffffc0000000 dead000000000100 dead000000000122 0000000000000000
  raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
  page dumped because: nonzero entire_mapcount
  Modules linked in: ...
  CPU: 3 UID: 0 PID: 2506 Comm: kworker/u16:1 Kdump: loaded Tainted: G    B
  Hardware name: ...
  Workqueue: btrfs-delalloc btrfs_work_helper
  Call Trace:
   <TASK>
   dump_stack_lvl+0x5d/0x80
   bad_page+0x71/0xd0
   free_unref_page_prepare+0x24e/0x490
   free_unref_page+0x60/0x170
   crypto_acomp_free_streams+0x5d/0xc0
   crypto_acomp_exit_tfm+0x23/0x50
   crypto_destroy_tfm+0x60/0xc0
   ...

Change the lifecycle management of zstd_streams to free the streams only
once during module cleanup.

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 6

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < dc0f4509b0ed5d82bef78e058db0ac4df04d0695

Version f5ad93ffb54119a8dc5e18f070624d4ead586969

Status affected

Version < e983feaa79de1e46c9087fb9f02fedb0e5397ce6

Version f5ad93ffb54119a8dc5e18f070624d4ead586969

Status affected

Version < 48bc9da3c97c15f1ea24934bcb3b736acd30163d

Version f5ad93ffb54119a8dc5e18f070624d4ead586969

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 6.17

Status affected

Version < 6.17

Version 0

Status unaffected

Version <= 6.17.*

Version 6.17.12

Status unaffected

Version <= 6.18.*

Version 6.18.1

Status unaffected

Version <= *

Version 6.19-rc1

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.057

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://git.kernel.org/stable/c/dc0f4509b0ed5d82bef78e058db0ac4df04d0695

https://git.kernel.org/stable/c/e983feaa79de1e46c9087fb9f02fedb0e5397ce6

https://git.kernel.org/stable/c/48bc9da3c97c15f1ea24934bcb3b736acd30163d

https://nvd.nist.gov/vuln/detail/CVE-2025-68262

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-68262

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-68262

EUVD