CVE-2025-68791

Опубликовано: 13 янв. 2026

Источник: redhat

CVSS3: 3.3

Описание

In the Linux kernel, the following vulnerability has been resolved: fuse: missing copy_finish in fuse-over-io-uring argument copies Fix a possible reference count leak of payload pages during fuse argument copies. [Joanne: simplified error cleanup]

A reference count leak flaw was found in the Linux kernel's FUSE filesystem when using io_uring for argument copies. The copy_finish() function is not called in error paths, causing page reference counts to leak. This can lead to memory being pinned indefinitely and potential resource exhaustion.

Отчет

This affects systems using FUSE filesystems with io_uring (a relatively new feature combination). The leak occurs during error handling of argument copies. Systems using traditional FUSE without io_uring are unaffected.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 10	kernel	Not affected
Red Hat Enterprise Linux 6	kernel	Out of support scope
Red Hat Enterprise Linux 7	kernel	Not affected
Red Hat Enterprise Linux 7	kernel-rt	Not affected
Red Hat Enterprise Linux 8	kernel	Not affected
Red Hat Enterprise Linux 8	kernel-rt	Not affected
Red Hat Enterprise Linux 9	kernel	Not affected
Red Hat Enterprise Linux 9	kernel-rt	Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low

Дефект:

CWE-911

https://bugzilla.redhat.com/show_bug.cgi?id=2429039kernel: fuse: missing copy_finish in fuse-over-io-uring argument copies

3.3 Low

CVSS3

Связанные уязвимости

CVE-2025-68791

ubuntu

3 месяца назад

CVE-2025-68791

nvd

3 месяца назад

CVE-2025-68791

debian

3 месяца назад

In the Linux kernel, the following vulnerability has been resolved: f ...

GHSA-7jvc-cm4g-4hr3

github

3 месяца назад

BDU:2026-00886

CVSS3: 4.7

fstec

5 месяцев назад

Уязвимость компонента fuse ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании

3.3 Low

CVSS3