CVE-2025-68262
BaseFortify

Publication date: 2025-12-16

Last updated on: 2025-12-18

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

crypto: zstd - fix double-free in per-CPU stream cleanup

The crypto/zstd module has a double-free bug that occurs when multiple tfms are allocated and freed.

The issue happens because zstd_streams (per-CPU contexts) are freed in zstd_exit() during every tfm destruction, rather than being managed at the module level. When multiple tfms exist, each tfm exit attempts to free the same shared per-CPU streams, resulting in a double-free.

This leads to a stack trace similar to:

  BUG: Bad page state in process kworker/u16:1 pfn:106fd93
  page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106fd93
  flags: 0x17ffffc0000000(node=0|zone=2|lastcpupid=0x1fffff)
  page_type: 0xffffffff()
  raw: 0017ffffc0000000 dead000000000100 dead000000000122 0000000000000000
  raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
  page dumped because: nonzero entire_mapcount
  Modules linked in: ...
  CPU: 3 UID: 0 PID: 2506 Comm: kworker/u16:1 Kdump: loaded Tainted: G B
  Hardware name: ...
  Workqueue: btrfs-delalloc btrfs_work_helper
  Call Trace:
   <TASK>
   dump_stack_lvl+0x5d/0x80
   bad_page+0x71/0xd0
   free_unref_page_prepare+0x24e/0x490
   free_unref_page+0x60/0x170
   crypto_acomp_free_streams+0x5d/0xc0
   crypto_acomp_exit_tfm+0x23/0x50
   crypto_destroy_tfm+0x60/0xc0
   ...

Change the lifecycle management of zstd_streams to free the streams only once during module cleanup.
Meta Information
Published: 2025-12-16
Last Modified: 2025-12-18
Generated: 2026-05-07
AI Q&A: 2025-12-16
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 1 associated CPE
Vendor: linux
Product: linux_kernel
Version / Range: *
CWE ID: CWE-UNKNOWN
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is a double-free bug in the Linux kernel's crypto/zstd module. It occurs when multiple tfms (transforms) are allocated and freed. The problem arises because the per-CPU zstd_streams are freed during each tfm destruction instead of being managed at the module level. As a result, when multiple tfms exist, each tfm exit tries to free the same shared per-CPU streams, so they are freed more than once. This double-free can lead to kernel crashes or instability.


How can this vulnerability impact me?

This vulnerability can cause system instability or crashes due to the double-free error in the kernel's memory management. Specifically, it can lead to bad page states and kernel stack traces indicating memory corruption. This can affect the reliability and availability of systems running the vulnerable Linux kernel, potentially causing unexpected reboots or service interruptions.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by monitoring system logs for stack traces indicating a double-free error in the crypto/zstd module. Specifically, look for kernel messages containing 'BUG: Bad page state' and call traces involving crypto_acomp_free_streams and crypto_destroy_tfm. You can use commands like 'dmesg | grep -i "BUG: Bad page state"' or 'journalctl -k | grep -i "crypto_acomp_free_streams"' to find relevant logs.
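
The two greps above match independently of each other. The following added example (not from the advisory or the kernel project) reports a "Bad page state" entry only when its own call trace contains both crypto_acomp_free_streams and crypto_destroy_tfm. The names find_zstd_double_free and sample_log, the timestamps, the </TASK> lines and the second report are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the advisory.

# Read kernel log text on stdin. Print the header line of every
# "Bad page state" report whose own call trace contains both functions the
# advisory names. Exit 0 if at least one report matched, 1 otherwise.
find_zstd_double_free() {
    awk '
        function close_report() {
            if (in_report && saw_free && saw_destroy) { print header; hits++ }
            in_report = 0; saw_free = 0; saw_destroy = 0
        }
        /BUG: /                  { close_report() }  # a new BUG ends the previous report
        /BUG: Bad page state/    { in_report = 1; header = $0 }
        in_report && /crypto_acomp_free_streams\+/ { saw_free = 1 }
        in_report && /crypto_destroy_tfm\+/        { saw_destroy = 1 }
        /<\/TASK>/               { close_report() }  # end of a call trace
        END { close_report(); exit (hits > 0 ? 0 : 1) }
    '
}

# Constructed input: the first report reuses the frames quoted in the
# advisory; timestamps, </TASK> lines and the second report are made up.
sample_log() {
    cat <<'EOF'
[ 8123.100001] BUG: Bad page state in process kworker/u16:1  pfn:106fd93
[ 8123.100009] Call Trace:
[ 8123.100010]  <TASK>
[ 8123.100011]  free_unref_page+0x60/0x170
[ 8123.100012]  crypto_acomp_free_streams+0x5d/0xc0
[ 8123.100013]  crypto_acomp_exit_tfm+0x23/0x50
[ 8123.100014]  crypto_destroy_tfm+0x60/0xc0
[ 8123.100015]  </TASK>
[ 9001.200001] BUG: Bad page state in process example_task  pfn:1000
[ 9001.200002] Call Trace:
[ 9001.200003]  <TASK>
[ 9001.200004]  free_unref_page+0x60/0x170
[ 9001.200005]  example_driver_release+0x10/0x20
[ 9001.200006]  </TASK>
EOF
}

sample_log | find_zstd_double_free   # prints only the kworker/u16:1 header
```

On a live host, feed it the same sources the answer names: dmesg | find_zstd_double_free, or journalctl -k | find_zstd_double_free.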


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation involves updating the Linux kernel to a version where the crypto/zstd module's double-free bug is fixed. The fix changes the lifecycle management of zstd_streams to ensure streams are freed only once during module cleanup. Until the update is applied, avoid workloads that allocate and free multiple tfms in the crypto/zstd module to reduce the risk of triggering the bug.

