CVE-2025-68252
BaseFortify
Publication date: 2025-12-16
Last updated on: 2025-12-18
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | kernel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a memory leak in the Linux kernel's fastrpc component. Specifically, in the function fastrpc_map_lookup, a reference to a dma_buf object is obtained using dma_buf_get but is never released with dma_buf_put. This causes the dma_buf object to leak memory because the reference count is not properly decremented. The fix involves adding dma_buf_put before the function returns to ensure the reference is released regardless of the outcome.
How can this vulnerability impact me? :
This vulnerability can lead to a memory leak in the Linux kernel, which over time may cause increased memory usage and potentially degrade system performance or stability. If exploited or triggered repeatedly, it could exhaust system resources, leading to crashes or denial of service.
What immediate steps should I take to mitigate this vulnerability?
Apply the patch that fixes the dma_buf object leak in the fastrpc_map_lookup function by ensuring dma_buf_put is called to release the reference. This involves updating the Linux kernel to a version that includes this fix.