Skip to main content
CVE Vulnerability Database
Vulnerability Database/CVE-2025-68814

CVE-2025-68814: Linux Kernel Information Disclosure Flaw

CVE-2025-68814 is an information disclosure vulnerability in the Linux kernel's io_uring subsystem that causes a memory leak in __io_openat_prep(). This article covers the technical details, affected versions, and mitigation.

Updated:

CVE-2025-68814 Overview

A memory leak vulnerability has been identified in the Linux kernel's io_uring subsystem, specifically within the __io_openat_prep() function. The vulnerability occurs when a struct filename is allocated via getname() but is not properly cleaned up under certain conditions, leading to memory leakage over time.

Critical Impact

This memory leak vulnerability can lead to system resource exhaustion through repeated exploitation, potentially causing denial of service conditions on affected Linux systems.

Affected Products

  • Linux kernel versions with io_uring support containing the vulnerable __io_openat_prep() function
  • Systems utilizing io_uring for asynchronous I/O operations with fixed file tables

Discovery Timeline

  • 2026-01-13 - CVE CVE-2025-68814 published to NVD
  • 2026-01-13 - Last updated in NVD database

Technical Details for CVE-2025-68814

Vulnerability Analysis

The vulnerability resides in the __io_openat_prep() function within the Linux kernel's io_uring implementation. When preparing an openat operation, the function allocates memory for a struct filename using the getname() kernel function. Under normal operation, this allocated memory should be tracked for cleanup when the io_uring request is torn down.

However, a specific code path exists where the function returns early without proper cleanup preparation. When a file is being installed in the fixed file table AND has the O_CLOEXEC flag set, the function exits before the REQ_F_NEED_CLEANUP flag is set on the request. This flag is essential for signaling to the io_uring cleanup routines that the request contains resources requiring deallocation.

Without this flag, the kernel's request teardown logic does not free the struct filename memory, resulting in a memory leak. Repeated triggering of this condition can cause progressive memory exhaustion on the affected system.

Root Cause

The root cause is a missing flag assignment in the early return path of __io_openat_prep(). The REQ_F_NEED_CLEANUP flag must be set immediately after a successful getname() call to ensure the allocated struct filename is properly tracked for cleanup. The fix repositions this flag assignment to occur right after the getname() allocation succeeds, guaranteeing that all code paths properly mark the request for resource cleanup.

Attack Vector

The attack vector requires local access to the system with the ability to submit io_uring requests. An attacker could exploit this vulnerability by:

  1. Opening a file descriptor using io_uring with the fixed file table installation option
  2. Specifying the O_CLOEXEC flag on the open operation
  3. Repeating this operation to continuously leak memory

Over time, this could exhaust available kernel memory, leading to system instability or denial of service. While this is primarily a local attack vector, any service or application using io_uring with these specific parameters could be abused.

Detection Methods for CVE-2025-68814

Indicators of Compromise

  • Steadily increasing kernel memory consumption without corresponding process memory growth
  • System logs indicating memory pressure or OOM (Out of Memory) killer activity
  • Unusual io_uring activity patterns in process monitoring or system call tracing
  • Slab allocator statistics showing growth in filename-related caches

Detection Strategies

  • Monitor /proc/slabinfo for abnormal growth in filp or names_cache allocations
  • Implement kernel memory usage alerting with thresholds for unexpected consumption patterns
  • Use eBPF or ftrace to trace __io_openat_prep() calls and correlate with memory allocation metrics
  • Deploy auditd rules to track io_uring syscalls with specific flag combinations

Monitoring Recommendations

  • Configure memory monitoring alerts for kernel slab cache growth patterns
  • Implement periodic review of /proc/meminfo MemFree and Slab values
  • Monitor for repeated io_uring openat operations from untrusted processes
  • Enable kernel memory debugging options in non-production environments to detect leaks

How to Mitigate CVE-2025-68814

Immediate Actions Required

  • Update to a patched Linux kernel version that includes the REQ_F_NEED_CLEANUP fix
  • If immediate patching is not possible, consider restricting io_uring access through seccomp policies
  • Monitor system memory usage closely on affected systems pending remediation
  • Evaluate and limit untrusted code's ability to use io_uring operations

Patch Information

The Linux kernel development team has released patches that fix this memory leak vulnerability. The fix ensures the REQ_F_NEED_CLEANUP flag is set immediately after a successful getname() call in __io_openat_prep(), guaranteeing proper cleanup regardless of the code path taken.

Multiple stable kernel commits address this vulnerability:

Workarounds

  • Disable io_uring system-wide using kernel boot parameter io_uring.disabled=1 if not required
  • Apply seccomp filters to restrict io_uring access for untrusted applications
  • Implement cgroup memory limits to contain the impact of potential memory leaks
  • Use process isolation to limit which processes can perform io_uring operations
bash
# Disable io_uring system-wide (add to kernel boot parameters)
io_uring.disabled=1

# Or restrict via sysctl (kernel version dependent)
sysctl -w kernel.io_uring_disabled=2

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

Default Legacy - Prefooter | Experience the World’s Most Advanced Cybersecurity Platform

Experience the Most Advanced Cybersecurity Platform

See how the world’s most intelligent, autonomous cybersecurity platform can protect your organization today and into the future.