CVE-2025-68292

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A flaw exists in the Linux kernel's memfd functionality related to hugetlb folios. Specifically, when allocating huge transparent pages for memfd, initialization steps were missing, potentially leading to kernel memory disclosure to user space. This issue bypasses the normal page fault handler, which would typically handle these initializations. The problem is particularly relevant in udmabuf use cases where folios are pinned and directly accessed by user space via Direct Memory Access (DMA). The missing steps include failing to zero the folios, failing to mark them as uptodate before adding them to the page cache, and not acquiring the hugetlb fault mutex before adding to the page cache. The issue could allow uninitialized kernel memory to be disclosed to user space through read or mmap operations on the memfd.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.