CVE-2025-68355
Memory Leak in Linux Kernel BPF Map Causes Resource Exhaustion
Publication date: 2025-12-24
Last updated on: 2025-12-24
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a memory leak in the Linux kernel's BPF (Berkeley Packet Filter) subsystem. Specifically, when the variable excl_prog_hash is 0 and excl_prog_hash_size is non-zero, the associated map memory is not freed properly, causing the memory to not be reclaimed. This issue was reported by syzbot and fixed by ensuring the map memory is freed correctly.
How can this vulnerability impact me? :
The memory leak can cause the system to consume more memory over time, potentially leading to degraded performance or system instability if the leaked memory accumulates significantly.
What immediate steps should I take to mitigate this vulnerability?
Apply the Linux kernel update that includes the fix for the exclusive map memory leak vulnerability (CVE-2025-68355). This update ensures that when excl_prog_hash is 0 and excl_prog_hash_size is non-zero, the map memory is properly freed, preventing the memory leak.