CVE-2025-68292

EPSS 0.02%
Veröffentlicht 16.12.2025 15:06:12
Zuletzt bearbeitet 18.12.2025 15:08:06
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

mm/memfd: fix information leak in hugetlb folios

When allocating hugetlb folios for memfd, three initialization steps are
missing:

1. Folios are not zeroed, leading to kernel memory disclosure to userspace
2. Folios are not marked uptodate before adding to page cache
3. hugetlb_fault_mutex is not taken before hugetlb_add_to_page_cache()

The memfd allocation path bypasses the normal page fault handler
(hugetlb_no_page) which would handle all of these initialization steps. 
This is problematic especially for udmabuf use cases where folios are
pinned and directly accessed by userspace via DMA.

Fix by matching the initialization pattern used in hugetlb_no_page():
- Zero the folio using folio_zero_user() which is optimized for huge pages
- Mark it uptodate with folio_mark_uptodate()
- Take hugetlb_fault_mutex before adding to page cache to prevent races

The folio_zero_user() change also fixes a potential security issue where
uninitialized kernel memory could be disclosed to userspace through read()
or mmap() operations on the memfd.

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 6

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < 50b4c1c28733a536d637d2f0401d60bcfef60ef2

Version 89c1905d9c140372b7f50ef48f42378cf85d9bc5

Status affected

Version < b09d7c4dc642849d9a96753233c6d00364017fd6

Version 89c1905d9c140372b7f50ef48f42378cf85d9bc5

Status affected

Version < de8798965fd0d9a6c47fc2ac57767ec32de12b49

Version 89c1905d9c140372b7f50ef48f42378cf85d9bc5

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 6.11

Status affected

Version < 6.11

Version 0

Status unaffected

Version <= 6.12.*

Version 6.12.61

Status unaffected

Version <= 6.17.*

Version 6.17.11

Status unaffected

Version <= *

Version 6.18

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.057

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://git.kernel.org/stable/c/50b4c1c28733a536d637d2f0401d60bcfef60ef2

https://git.kernel.org/stable/c/b09d7c4dc642849d9a96753233c6d00364017fd6

https://git.kernel.org/stable/c/de8798965fd0d9a6c47fc2ac57767ec32de12b49

https://nvd.nist.gov/vuln/detail/CVE-2025-68292

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-68292

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-68292

EUVD