CVE-2025-68814

13.01.2026, 16:16

In the Linux kernel, the following vulnerability has been resolved:

io_uring: fix filename leak in __io_openat_prep()

 __io_openat_prep() allocates a struct filename using getname(). However,
for the condition of the file being installed in the fixed file table as
well as having O_CLOEXEC flag set, the function returns early. At that
point, the request doesn't have REQ_F_NEED_CLEANUP flag set. Due to this,
the memory for the newly allocated struct filename is not cleaned up,
causing a memory leak.

Fix this by setting the REQ_F_NEED_CLEANUP for the request just after the
successful getname() call, so that when the request is torn down, the
filename will be cleaned up, along with other resources needing cleanup.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	UNKNOWN				---
Linux	CNA	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Debian Releases

Debian Product

Codename

linux

bullseye	5.10.223-1 not-affected
bullseye (security)	5.10.247-1 fixed
bookworm	vulnerable
bookworm (security)	vulnerable
trixie	vulnerable
trixie (security)	vulnerable
forky	vulnerable
sid	6.18.3-1 fixed

References

https://git.kernel.org/stable/c/18b99fa603d0df5e1c898699c17d3b92ddc80746

https://git.kernel.org/stable/c/7fbfb85b05bc960cc50e09d03e5e562131e48d45

https://git.kernel.org/stable/c/8f44c4a550570cd5903625133f938c6b51310c9b

https://git.kernel.org/stable/c/b14fad555302a2104948feaff70503b64c80ac01

https://git.kernel.org/stable/c/e232269d511566b1f80872256a48593acc1becf4