FKIE_CVE-2025-68814

Vulnerability from fkie_nvd - Published: 2026-01-13 16:16 - Updated: 2026-04-15 00:35
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: io_uring: fix filename leak in __io_openat_prep() __io_openat_prep() allocates a struct filename using getname(). However, for the condition of the file being installed in the fixed file table as well as having O_CLOEXEC flag set, the function returns early. At that point, the request doesn't have REQ_F_NEED_CLEANUP flag set. Due to this, the memory for the newly allocated struct filename is not cleaned up, causing a memory leak. Fix this by setting the REQ_F_NEED_CLEANUP for the request just after the successful getname() call, so that when the request is torn down, the filename will be cleaned up, along with other resources needing cleanup.
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/18b99fa603d0df5e1c898699c17d3b92ddc80746
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/2420ef01b2e836fbc05a0a8c73a1016504eb0458
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/7fbfb85b05bc960cc50e09d03e5e562131e48d45
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/8f44c4a550570cd5903625133f938c6b51310c9b
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/b14fad555302a2104948feaff70503b64c80ac01
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/e232269d511566b1f80872256a48593acc1becf4
Impacted products
Vendor Product Version
To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring: fix filename leak in __io_openat_prep()\n\n __io_openat_prep() allocates a struct filename using getname(). However,\nfor the condition of the file being installed in the fixed file table as\nwell as having O_CLOEXEC flag set, the function returns early. At that\npoint, the request doesn\u0027t have REQ_F_NEED_CLEANUP flag set. Due to this,\nthe memory for the newly allocated struct filename is not cleaned up,\ncausing a memory leak.\n\nFix this by setting the REQ_F_NEED_CLEANUP for the request just after the\nsuccessful getname() call, so that when the request is torn down, the\nfilename will be cleaned up, along with other resources needing cleanup."
    },
    {
      "lang": "es",
      "value": "En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\nio_uring: corregir fuga de filename en __io_openat_prep()\n\n__io_openat_prep() asigna una estructura filename usando getname(). Sin embargo, para la condici\u00f3n de que el archivo est\u00e9 instalado en la tabla de archivos fija, as\u00ed como de tener la bandera O_CLOEXEC establecida, la funci\u00f3n retorna prematuramente. En ese punto, la solicitud no tiene la bandera REQ_F_NEED_CLEANUP establecida. Debido a esto, la memoria para la estructura filename reci\u00e9n asignada no se limpia, causando una fuga de memoria.\n\nSolucione esto estableciendo la bandera REQ_F_NEED_CLEANUP para la solicitud justo despu\u00e9s de la llamada exitosa a getname(), de modo que cuando la solicitud sea desmantelada, el filename ser\u00e1 limpiado, junto con otros recursos que necesiten limpieza."
    }
  ],
  "id": "CVE-2025-68814",
  "lastModified": "2026-04-15T00:35:42.020",
  "metrics": {},
  "published": "2026-01-13T16:16:03.643",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/18b99fa603d0df5e1c898699c17d3b92ddc80746"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/2420ef01b2e836fbc05a0a8c73a1016504eb0458"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/7fbfb85b05bc960cc50e09d03e5e562131e48d45"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/8f44c4a550570cd5903625133f938c6b51310c9b"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/b14fad555302a2104948feaff70503b64c80ac01"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/e232269d511566b1f80872256a48593acc1becf4"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Deferred"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.