CVE-2025-68198
BaseFortify

Publication date: 2025-12-16

Last updated on: 2025-12-18

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

crash: fix crashkernel resource shrink

When crashkernel is configured with a high reservation, shrinking its value below the low crashkernel reservation causes two issues:

1. Invalid crashkernel resource objects
2. Kernel crash if crashkernel shrinking is done twice

For example, with crashkernel=200M,high, the kernel reserves 200MB of high memory and some default low memory (say 256MB).

The reservation appears as:

    cat /proc/iomem | grep -i crash
    af000000-beffffff : Crash kernel
    433000000-43f7fffff : Crash kernel

If crashkernel is then shrunk to 50MB (echo 52428800 > /sys/kernel/kexec_crash_size), /proc/iomem still shows 256MB reserved:

    af000000-beffffff : Crash kernel

Instead, it should show 50MB:

    af000000-b21fffff : Crash kernel

Further shrinking crashkernel to 40MB causes a kernel crash with the following trace (x86):

    BUG: kernel NULL pointer dereference, address: 0000000000000038
    PGD 0 P4D 0
    Oops: 0000 [#1] PREEMPT SMP NOPTI
    <snip...>
    Call Trace:
    <TASK>
    ? __die_body.cold+0x19/0x27
    ? page_fault_oops+0x15a/0x2f0
    ? search_module_extables+0x19/0x60
    ? search_bpf_extables+0x5f/0x80
    ? exc_page_fault+0x7e/0x180
    ? asm_exc_page_fault+0x26/0x30
    ? __release_resource+0xd/0xb0
    release_resource+0x26/0x40
    __crash_shrink_memory+0xe5/0x110
    crash_shrink_memory+0x12a/0x190
    kexec_crash_size_store+0x41/0x80
    kernfs_fop_write_iter+0x141/0x1f0
    vfs_write+0x294/0x460
    ksys_write+0x6d/0xf0
    <snip...>

This happens because __crash_shrink_memory()/kernel/crash_core.c incorrectly updates the crashk_res resource object even when crashk_low_res should be updated.

Fix this by ensuring the correct crashkernel resource object is updated when shrinking crashkernel memory.
Meta Information
Published: 2025-12-16
Last Modified: 2025-12-18
Generated: 2026-05-07
AI Q&A: 2025-12-16
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 1 associated CPE
Vendor: linux; Product: linux_kernel; Version / Range: *
CWE ID: CWE-UNKNOWN
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability occurs in the Linux kernel's crashkernel memory reservation system. When crashkernel is configured with a high memory reservation and then shrunk below the low crashkernel reservation, it causes two problems: invalid crashkernel resource objects and a kernel crash if the shrinking is done twice. Specifically, shrinking crashkernel memory incorrectly updates the wrong resource object, leading to inconsistent memory reservation states and potentially causing a kernel NULL pointer dereference crash.


How can this vulnerability impact me?

This vulnerability can cause the Linux kernel to crash when the crashkernel memory reservation is shrunk multiple times below a certain threshold. This can lead to system instability or downtime, as the kernel may experience a NULL pointer dereference and crash, impacting system reliability and availability.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

You can detect this vulnerability by checking the crashkernel memory reservation on your system. Use the command `cat /proc/iomem | grep -i crash` to view the current crashkernel memory reservations. If the crashkernel memory has been shrunk below the low reservation but the /proc/iomem output still shows the old higher reservation, this indicates the vulnerability. Additionally, shrinking the crashkernel memory twice (e.g., echoing a smaller value to /sys/kernel/kexec_crash_size multiple times) may cause a kernel crash, which is another sign of the issue.
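
The /proc/iomem comparison described above can be scripted. The following is an added example, not code from the CVE record or the kernel project: it sums the "Crash kernel" ranges and compares the total with the size last written to /sys/kernel/kexec_crash_size. The function names and temporary sample files are assumptions, and the requested size is assumed to already be aligned to the kernel's allocation granularity, as 52428800 is.

```shell
#!/bin/sh
# Added example: verify that /proc/iomem reflects a crashkernel shrink.
# Function names and the temp-file layout are illustrative assumptions.

# crash_total_bytes FILE: print the summed size of all "Crash kernel" ranges.
# Returns 2 if the addresses are zeroed (/proc/iomem read without root).
crash_total_bytes() {
    total=0
    while IFS= read -r line; do
        case "$line" in *": Crash kernel"*) ;; *) continue ;; esac
        range=${line%% :*}      # e.g. "  af000000-beffffff"
        range=${range##* }      # drop nesting indentation
        start=${range%-*}
        end=${range#*-}
        if [ $((0x$end)) -eq 0 ]; then
            echo "addresses are masked; run as root" >&2
            return 2
        fi
        total=$(( total + 0x$end - 0x$start + 1 ))
    done < "$1"
    printf '%s\n' "$total"
}

# check_crash_shrink FILE REQUESTED_BYTES
# 0 = iomem matches the requested size, 1 = stale reservation (the symptom
# described for CVE-2025-68198), 2 = addresses could not be read.
check_crash_shrink() {
    actual=$(crash_total_bytes "$1") || return 2
    if [ "$actual" -eq "$2" ]; then
        echo "OK: $actual bytes reserved"
        return 0
    fi
    echo "MISMATCH: iomem shows $actual bytes, requested $2"
    return 1
}

# Constructed samples built from the /proc/iomem lines quoted in the description.
tmp=$(mktemp -d)
printf '%s\n' 'af000000-beffffff : Crash kernel' \
              '433000000-43f7fffff : Crash kernel' > "$tmp/before"
printf '%s\n' 'af000000-beffffff : Crash kernel' > "$tmp/stale"
printf '%s\n' '  af000000-b21fffff : Crash kernel' > "$tmp/fixed"

check_crash_shrink "$tmp/stale" 52428800 || true   # stale 256MB entry
check_crash_shrink "$tmp/fixed" 52428800 || true   # expected 50MB entry
```

On a live system, pass /proc/iomem as the file and the value last written to kexec_crash_size as the requested size; the script only reads and does not change the reservation.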


What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, avoid shrinking the crashkernel memory reservation below the low crashkernel reservation, and in particular avoid shrinking it more than once. Make any changes to crashkernel memory reservations carefully, and preferably update to a Linux kernel version in which this issue is fixed; the vulnerability arises from incorrect updates to crashkernel resource objects during shrinking.

