CVE-2025-68348
Description
In the Linux kernel, the following vulnerability has been resolved:
block: fix memory leak in __blkdev_issue_zero_pages
Move the fatal signal check before bio_alloc() to prevent a memory leak when BLKDEV_ZERO_KILLABLE is set and a fatal signal is pending.
Previously, the bio was allocated before checking for a fatal signal. If a signal was pending, the code would break out of the loop without freeing or chaining the just-allocated bio, causing a memory leak.
This matches the pattern already used in __blkdev_issue_write_zeroes() where the signal check precedes the allocation.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A memory leak in the Linux kernel's __blkdev_issue_zero_pages is fixed by moving the fatal signal check before bio_alloc() to prevent leaked bio allocations.
Vulnerability
A memory leak vulnerability exists in the Linux kernel's block layer function __blkdev_issue_zero_pages. The root cause is that the code allocated a bio via bio_alloc() before checking for a pending fatal signal when BLKDEV_ZERO_KILLABLE is set. If a fatal signal was pending, the function would break out of the loop without freeing or chaining the newly allocated bio, leading to a memory leak. This pattern was already corrected in the similar function __blkdev_issue_write_zeroes(), where the signal check precedes allocation [1][2].
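The ordering problem described above, as a user-space C model added here for illustration (not the kernel's code or the upstream patch). The static bio pool, the function names and the `signal_at` parameter are hypothetical stand-ins for bio_alloc(), the zeroing loop and the pending fatal signal.

```c
/* User-space model of the alloc/signal-check ordering; not kernel code, all names hypothetical. */
#include <stdbool.h>
#include <stdio.h>

#define POOL 64
struct bio { struct bio *prev; };     /* stand-in for the kernel's struct bio */
static struct bio pool[POOL];         /* static pool: the model leaks no real memory */
static int next_slot, live_bios;      /* live_bios = allocated but not yet released */

static struct bio *model_bio_alloc(void)
{
    if (next_slot == POOL)
        return NULL;
    live_bios++;
    return &pool[next_slot++];
}

/* Release every bio reachable from the chain head, as completion would. */
static void model_put_chain(struct bio *head)
{
    for (; head; head = head->prev)
        live_bios--;
}

/* Run `chunks` iterations; the modelled fatal signal is pending from iteration
 * `signal_at` on. Returns the number of bios left unreachable (leaked). */
int model_zero_pages(int chunks, int signal_at, bool check_first)
{
    struct bio *chain = NULL;
    next_slot = live_bios = 0;
    for (int i = 0; i < chunks; i++) {
        bool fatal = i >= signal_at;
        if (check_first && fatal)
            break;                    /* fixed order: nothing allocated yet */
        struct bio *b = model_bio_alloc();
        if (!b || (!check_first && fatal))
            break;                    /* old order: b is neither freed nor chained */
        b->prev = chain;              /* chained bios stay reachable */
        chain = b;
    }
    model_put_chain(chain);
    return live_bios;
}

int main(void)
{
    printf("alloc then check: %d leaked\n", model_zero_pages(8, 3, false));
    printf("check then alloc: %d leaked\n", model_zero_pages(8, 3, true));
    return 0;
}
```

In the model, each interrupted call in the old order strands exactly one bio, which matches the per-call leak the description attributes to the break after allocation.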
Exploitation
Exploitation requires local access and the ability to trigger a zero-page write operation while a fatal signal is pending. No special privileges are needed beyond the ability to issue block I/O, making it accessible to unprivileged users on systems where the affected kernel is in use. The bug is triggered during normal operation when a process receives a fatal signal (e.g., SIGKILL) while performing a zero-fill block device operation.
Impact
An attacker can repeatedly trigger the leak to exhaust kernel memory, potentially leading to denial of service conditions or resource starvation for other processes. The leak is per-iteration under the specific signal condition, so sustained exploitation can degrade system performance or cause crashes.
Mitigation
The vulnerability is patched in updated Linux kernel versions. The fix has been backported to stable kernels; the commits referenced in the kernel repository (e.g., commits 453e4b0c84d0 and f7e3f852a42d) apply to various stable branches [1][2]. Users should update their kernel to include the fix or apply the patch manually.
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.