CVE-2025-68355 — Missing Release of Memory after Effective Lifetime in Linux

7 documents6 sources

Severity

—N/A

No vector

EPSS

0.0%

top 92.35%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Debian Linux

Timeline

PublishedDec 24

Description

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix exclusive map memory leak When excl_prog_hash is 0 and excl_prog_hash_size is non-zero, the map also needs to be freed. Otherwise, the map memory will not be reclaimed, just like the memory leak problem reported by syzbot [1]. syzbot reported: BUG: memory leak backtrace (crc 7b9fb9b4): map_create+0x322/0x11e0 kernel/bpf/syscall.c:1512 __sys_bpf+0x3556/0x3610 kernel/bpf/syscall.c:6131

Affected Packages3 packages

▶Linuxlinux/linux_kernel6.18.0 — 6.18.2

▶CVEListV5linux/linuxbaefdbdf6812e120c9fba9cfb101d3656f478026 — f0022551745d72fc0e7bc8601234d690dee2178d+2

▶debiandebian/linux

🔴Vulnerability Details

OSV

CVE-2025-68355: In the Linux kernel, the following vulnerability has been resolved: bpf: Fix exclusive map memory leak When excl_prog_hash is 0 and excl_prog_hash_siz↗2025-12-24

▶

OSV

bpf: Fix exclusive map memory leak↗2025-12-24

▶

GHSA

GHSA-j3fw-w5gf-rpg8: In the Linux kernel, the following vulnerability has been resolved: bpf: Fix exclusive map memory leak When excl_prog_hash is 0 and excl_prog_hash_s↗2025-12-24

▶

📋Vendor Advisories

Red Hat

kernel: bpf: Fix exclusive map memory leak↗2025-12-24

▶

Debian

CVE-2025-68355: linux - In the Linux kernel, the following vulnerability has been resolved: bpf: Fix ex...↗2025

▶

🕵️Threat Intelligence

Wiz

CVE-2025-68355 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶