CVE-2025-68292
BaseFortify

Publication date: 2025-12-16

Last updated on: 2025-12-18

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

mm/memfd: fix information leak in hugetlb folios

When allocating hugetlb folios for memfd, three initialization steps are missing:

1. Folios are not zeroed, leading to kernel memory disclosure to userspace
2. Folios are not marked uptodate before adding to page cache
3. hugetlb_fault_mutex is not taken before hugetlb_add_to_page_cache()

The memfd allocation path bypasses the normal page fault handler (hugetlb_no_page) which would handle all of these initialization steps. This is problematic especially for udmabuf use cases where folios are pinned and directly accessed by userspace via DMA.

Fix by matching the initialization pattern used in hugetlb_no_page():

- Zero the folio using folio_zero_user() which is optimized for huge pages
- Mark it uptodate with folio_mark_uptodate()
- Take hugetlb_fault_mutex before adding to page cache to prevent races

The folio_zero_user() change also fixes a potential security issue where uninitialized kernel memory could be disclosed to userspace through read() or mmap() operations on the memfd.
Meta Information
Generated: 2026-05-07
AI Q&A: 2025-12-16
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 1 associated CPE

Vendor    Product         Version / Range
linux     linux_kernel    *
CWE ID: CWE-UNKNOWN
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability in the Linux kernel involves the memfd subsystem when allocating hugetlb folios. Three initialization steps were missing: the folios were not zeroed, they were not marked uptodate before being added to the page cache, and the hugetlb_fault_mutex was not taken before the add-to-page-cache step. Because of this, uninitialized kernel memory could be disclosed to userspace, especially in udmabuf use cases where folios are pinned and accessed directly by userspace via DMA. The fix zeroes the folios, marks them uptodate, and takes the mutex to prevent race conditions.


How can this vulnerability impact me?

This vulnerability can lead to information leakage where uninitialized kernel memory is exposed to userspace processes. This could allow an attacker or malicious userspace application to read sensitive kernel memory contents through read() or mmap() operations on memfd, potentially compromising system security and confidentiality.


What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, update your Linux kernel to a version that includes the fix for the memfd hugetlb folios initialization issue. The fix involves zeroing the folios, marking them uptodate before adding to the page cache, and taking the hugetlb_fault_mutex to prevent races. Applying the kernel patch or upgrading to a fixed kernel version will prevent kernel memory disclosure to userspace.

