CVE-2025-68329

Linux Kernel 6.10-6.12.60, 6.13-6.17.10, 6.18 - Denial of Service via VMA Split Handling

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: tracing: Fix WARN_ON in tracing_buffers_mmap_close for split VMAs When a VMA is split (e.g., by partial munmap or MAP_FIXED), the kernel calls vm_ops->close on each portion. For trace buffer mappings, this results in ring_buffer_unmap() being called multiple times while ring_buffer_map() was only called once. This causes ring_buffer_unmap() to return -ENODEV on subsequent calls because user_mapped is already 0, triggering a WARN_ON. Trace buffer mappings cannot support partial mappings because the ring buffer structure requires the complete buffer including the meta page. Fix this by adding a may_split callback that returns -EINVAL to prevent VMA splits entirely.

References (3)

Core 3

Core References

Patch

https://git.kernel.org/stable/c/922fdd0b755a84f9933b3ca195f60092b6bb88ee

Patch

https://git.kernel.org/stable/c/45053c12c45f0fb8ef6ab95118dd928d2fec0255

Patch

https://git.kernel.org/stable/c/b042fdf18e89a347177a49e795d8e5184778b5b6

Scores

EPSS 0.0002

EPSS Percentile 5.9%

Details

Status published

Products (10)

linux/Kernel 6.10.0 - 6.12.61linux

linux/Kernel 6.13.0 - 6.17.11linux

Linux/Linux < 6.10

Linux/Linux 6.10

Linux/Linux 6.12.61 - 6.12.*

Linux/Linux 6.17.11 - 6.17.*

Linux/Linux 6.18

Linux/Linux cf9f0f7c4c5bb45e7bb270e48bab6f7837825a64 - 45053c12c45f0fb8ef6ab95118dd928d2fec0255

Linux/Linux cf9f0f7c4c5bb45e7bb270e48bab6f7837825a64 - 922fdd0b755a84f9933b3ca195f60092b6bb88ee

Linux/Linux cf9f0f7c4c5bb45e7bb270e48bab6f7837825a64 - b042fdf18e89a347177a49e795d8e5184778b5b6

Published Dec 22, 2025

Tracked Since Feb 18, 2026