CVE-2025-68247 — Missing Release of Memory after Effective Lifetime in Linux

16 documents7 sources

Severity

5.3MEDIUM

No vector

EPSS

0.0%

top 89.68%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Debian Linux

Timeline

PublishedDec 16

Latest updateFeb 24

Description

In the Linux kernel, the following vulnerability has been resolved: posix-timers: Plug potential memory leak in do_timer_create() When posix timer creation is set to allocate a given timer ID and the access to the user space value faults, the function terminates without freeing the already allocated posix timer structure. Move the allocation after the user space access to cure that. [ tglx: Massaged change log ]

Affected Packages5 packages

▶Linuxlinux/linux_kernel6.15.0 — 6.17.9

▶Debianlinux/linux_kernel< 6.17.9-1

▶Ubuntulinux/linux_kernel< 6.17.0-14.14

▶CVEListV5linux/linuxec2d0c04624b3c8a7eb1682e006717fa20cfbe24 — f417f44524e7fc098e787c718d838b32723c0b2d+2

▶debiandebian/linux< linux 6.17.9-1 (forky)

🔴Vulnerability Details

OSV

linux-azure vulnerabilities↗2026-02-24

▶

OSV

linux-oem-6.17 vulnerabilities↗2026-02-17

▶

OSV

linux-aws, linux-oracle vulnerabilities↗2026-02-17

▶

OSV

linux-gcp vulnerabilities↗2026-02-12

▶

OSV

linux, linux-raspi, linux-realtime vulnerabilities↗2026-02-12

▶

📋Vendor Advisories

Ubuntu

Linux kernel (Azure) vulnerabilities↗2026-02-24

▶

Ubuntu

Linux kernel (OEM) vulnerabilities↗2026-02-17

▶

Ubuntu

Linux kernel (GCP) vulnerabilities↗2026-02-12

▶

Ubuntu

Linux kernel vulnerabilities↗2026-02-12

▶

Red Hat

kernel: posix-timers: Plug potential memory leak in do_timer_create()↗2025-12-16

▶

🕵️Threat Intelligence

Wiz

CVE-2025-68247 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶