CVE-2025-68252
Description
In the Linux kernel, the following vulnerability has been resolved:
misc: fastrpc: Fix dma_buf object leak in fastrpc_map_lookup
In fastrpc_map_lookup, dma_buf_get is called to obtain a reference to the dma_buf for comparison purposes. However, this reference is never released when the function returns, leading to a dma_buf memory leak.
Fix this by adding dma_buf_put before returning from the function, ensuring that the temporarily acquired reference is properly released regardless of whether a matching map is found.
Rule: add
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A dma_buf reference leak in the Linux kernel's fastrpc driver can lead to memory exhaustion, fixed by adding dma_buf_put in fastrpc_map_lookup.
Vulnerability
Analysis
CVE-2025-68252 describes a memory leak in the Linux kernel's misc: fastrpc driver. The function fastrpc_map_lookup calls dma_buf_get to obtain a reference to a DMA buffer for comparison purposes, but this reference is never released when the function returns. This results in a dma_buf object leak, as the acquired reference is not freed regardless of whether a matching map is found [1][2].
Exploitation and
Impact
The vulnerability is triggered during normal operation of the fastrpc driver, which is used for remote processor communication (e.g., with DSPs). An attacker with local access and the ability to invoke fastrpc operations could repeatedly trigger the leak, leading to gradual memory exhaustion. The leak does not require special privileges beyond the ability to interact with the fastrpc device, making it a potential vector for denial-of-service attacks.
Mitigation
The fix is straightforward: add a call to dma_buf_put before every return path in fastrpc_map_lookup, ensuring the temporary reference is properly released. The patch has been applied to the Linux kernel stable branches [1][2]. Users should update their kernels to include the fix. No workaround is available other than applying the patch.
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
5- git.kernel.org/stable/c/214e81a63a9aa0be42382ef0365ba5ed32c513abnvd
- git.kernel.org/stable/c/9a297a68c3ba4a7ecb31ed52f61bd6634abb79d3nvd
- git.kernel.org/stable/c/c2fef5ebb73f3dabae6fbc571d181914ed32c483nvd
- git.kernel.org/stable/c/e17b13387827adce7acb19ac0f07f9bcafe0ff4cnvd
- git.kernel.org/stable/c/fff111bf45cbeeb659324316d68554e35d350092nvd
News mentions
0No linked articles in our index yet.