CVE-2025-68348
Memory Leak in Linux Kernel blkdev Zero Pages Handling
Publication date: 2025-12-24
Last updated on: 2025-12-24
Assigner: kernel.org
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a memory leak in the Linux kernel's block device code, specifically in the __blkdev_issue_zero_pages function. The issue occurs because the code allocated memory for a bio structure before checking if a fatal signal was pending. If a fatal signal was pending, the function would exit without freeing the allocated memory, causing a memory leak. The fix moves the fatal signal check before the memory allocation to prevent this leak.
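The ordering problem described above, as a simplified user-space model added here for illustration; it is not the kernel's code or the upstream patch. The fixed pool, `fake_bio`, `fake_bio_alloc`, `leaked_bios` and the loop-and-chain structure are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>

/* User-space model; every name here is hypothetical, not a kernel API. */
#define POOL_SIZE 16
struct fake_bio { struct fake_bio *prev; int in_use; };
static struct fake_bio pool[POOL_SIZE];   /* fixed pool stands in for the allocator */

static struct fake_bio *fake_bio_alloc(void)
{
    for (int i = 0; i < POOL_SIZE; i++)
        if (!pool[i].in_use) {
            pool[i].in_use = 1;
            pool[i].prev = NULL;
            return &pool[i];
        }
    return NULL;                          /* pool exhausted */
}

/* Issue nr_chunks writes; a fatal signal is pending at chunk signal_at (-1 = never).
 * check_first: 0 = allocate then check (leaky), 1 = check then allocate (fixed).
 * Returns the number of allocations still live after the caller's cleanup. */
int leaked_bios(int check_first, int nr_chunks, int signal_at)
{
    struct fake_bio *chain = NULL, *b;
    int live = 0;

    memset(pool, 0, sizeof(pool));
    for (int i = 0; i < nr_chunks; i++) {
        if (check_first && i == signal_at)
            break;                        /* nothing allocated yet: clean exit */
        b = fake_bio_alloc();
        if (!b || (!check_first && i == signal_at))
            break;                        /* signal case: b was never chained */
        b->prev = chain;
        chain = b;
    }
    for (b = chain; b; b = b->prev)       /* caller frees only what it can reach */
        b->in_use = 0;
    for (int i = 0; i < POOL_SIZE; i++)
        live += pool[i].in_use;
    return live;
}

int main(void)
{
    printf("alloc-then-check: %d leaked\n", leaked_bios(0, 4, 2));
    printf("check-then-alloc: %d leaked\n", leaked_bios(1, 4, 2));
    return 0;
}
```

Each interrupted call in the allocate-then-check ordering strands exactly one object, which is why the leak only becomes significant when the path is hit repeatedly.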
How can this vulnerability impact me?
The memory leak caused by this vulnerability can lead to increased memory usage and potential resource exhaustion in the Linux kernel, which may degrade system performance or stability over time if the leak occurs repeatedly.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update to a Linux kernel version that includes the fix for the memory leak in __blkdev_issue_zero_pages, that is, the kernel update that moves the fatal signal check before bio_alloc().