CVE-2025-68292 — Use of Uninitialized Resource in Linux
Severity
7.2HIGHOSV
No vectorEPSS
0.0%
top 90.90%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedDec 16
Latest updateApr 6
Description
In the Linux kernel, the following vulnerability has been resolved:
mm/memfd: fix information leak in hugetlb folios
When allocating hugetlb folios for memfd, three initialization steps are
missing:
1. Folios are not zeroed, leading to kernel memory disclosure to userspace
2. Folios are not marked uptodate before adding to page cache
3. hugetlb_fault_mutex is not taken before hugetlb_add_to_page_cache()
The memfd allocation path bypasses the normal page fault handler
(hugetlb_no_page) which …
Affected Packages5 packages
▶CVEListV5linux/linux89c1905d9c140372b7f50ef48f42378cf85d9bc5 — 50b4c1c28733a536d637d2f0401d60bcfef60ef2+3