CVE-2025-68791 — Improper Update of Reference Count in Linux

CWE-911 — Improper Update of Reference Count10 documents7 sources

Severity

6.4MEDIUM

No vector

EPSS

0.0%

top 92.35%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Debian Linux +3 more

Timeline

PublishedJan 13

Latest updateApr 17

Description

In the Linux kernel, the following vulnerability has been resolved: fuse: missing copy_finish in fuse-over-io-uring argument copies Fix a possible reference count leak of payload pages during fuse argument copies. [Joanne: simplified error cleanup]

Affected Packages7 packages

▶Linuxlinux/linux_kernel6.14.0 — 6.18.3

▶Debianlinux/linux_kernel< 6.18.3-1

▶CVEListV5linux/linuxc090c8abae4b6b77a1bee116aa6c385456ebef96 — b79938863f436960eff209130f025c4bd3026bf8+2

▶debiandebian/linux< linux 6.18.3-1 (forky)

▶ubuntuubuntu/linux-gcp

🔴Vulnerability Details

GHSA

GHSA-7jvc-cm4g-4hr3: In the Linux kernel, the following vulnerability has been resolved: fuse: missing copy_finish in fuse-over-io-uring argument copies Fix a possible r↗2026-01-13

▶

OSV

CVE-2025-68791: In the Linux kernel, the following vulnerability has been resolved: fuse: missing copy_finish in fuse-over-io-uring argument copies Fix a possible ref↗2026-01-13

▶

OSV

fuse: missing copy_finish in fuse-over-io-uring argument copies↗2026-01-13

▶

📋Vendor Advisories

Ubuntu

Linux kernel (GCP) vulnerabilities↗2026-04-17

▶

Ubuntu

Linux kernel (Real-time) vulnerabilities↗2026-04-17

▶

Ubuntu

Linux kernel vulnerabilities↗2026-04-16

▶

Red Hat

kernel: fuse: missing copy_finish in fuse-over-io-uring argument copies↗2026-01-13

▶

Debian

CVE-2025-68791: linux - In the Linux kernel, the following vulnerability has been resolved: fuse: missi...↗2025

▶

🕵️Threat Intelligence

Wiz

CVE-2025-68791 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶