CVE-2025-68247
Unknown Unknown - Not Provided
Memory Leak in Linux Kernel POSIX Timers on Timer Creation

Publication date: 2025-12-16

Last updated on: 2025-12-16

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: posix-timers: Plug potential memory leak in do_timer_create() When posix timer creation is set to allocate a given timer ID and the access to the user space value faults, the function terminates without freeing the already allocated posix timer structure. Move the allocation after the user space access to cure that. [ tglx: Massaged change log ]
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-16
Last Modified
2025-12-16
Generated
2026-06-16
AI Q&A
2025-12-16
EPSS Evaluated
2026-06-15
NVD
CVE-2025-68247
EUVD
EUVD-2025-203649
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability occurs in the Linux kernel's posix-timers subsystem. When creating a POSIX timer, if the process of accessing a user space value causes a fault, the function exits without freeing the memory allocated for the timer structure. This leads to a potential memory leak. The fix involved moving the allocation step to occur after the user space access to prevent leaking memory if a fault happens.

Impact Analysis

This vulnerability can lead to a memory leak in the Linux kernel when POSIX timers are created and a fault occurs during user space access. Over time, this could cause increased memory usage and potentially degrade system performance or stability.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-68247. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart