CVE-2025-68805
Description
In the Linux kernel, the following vulnerability has been resolved:
fuse: fix io-uring list corruption for terminated non-committed requests
When a request is terminated before it has been committed, the request is not removed from the queue's list. This leaves a dangling list entry that leads to list corruption and use-after-free issues.
Remove the request from the queue's list for terminated non-committed requests.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
FUSE io-uring requests terminated before commit cause list corruption and use-after-free; fixed by removing them from the queue list.
Vulnerability Description
In the Linux kernel's FUSE filesystem, a bug exists in the io-uring request handling code. When a FUSE request is terminated before it has been committed, the request is not removed from the queue's list. This creates a dangling list entry that can lead to list corruption and use-after-free vulnerabilities [1].
Exploitation and Impact
The vulnerability arises from improper cleanup of io-uring request entries. An attacker with local access and the ability to trigger FUSE operations could potentially exploit this bug to cause memory corruption or achieve use-after-free conditions. This could lead to system crashes or potentially privilege escalation within the kernel [1].
Mitigation
The fix has been applied in the upstream Linux kernel repository. The commit removes the terminated but non-committed request from the queue's list before proceeding with termination. Users and distributors should apply this patch to their kernels to prevent exploitation [1].
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
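A user-space model of the failure described above, added here as an illustration and not taken from the kernel or from the fix commit. The names `req`, `pool`, `req_terminate` and `scenario` are hypothetical, and a static pool stands in for allocation so that a released request can be inspected safely. It goes one step beyond the description by also reusing the released slot, which makes the resulting list corruption visible.

```c
#include <stdbool.h>
#include <string.h>

/* Circular doubly linked list modelled on the kernel's struct list_head. */
struct list_head { struct list_head *next, *prev; };
static void list_add_tail(struct list_head *n, struct list_head *h) {
    n->prev = h->prev; n->next = h;
    h->prev->next = n; h->prev = n;
}
static void list_del(struct list_head *n) {
    n->prev->next = n->next; n->next->prev = n->prev;
}

/* Hypothetical request type. Slots come from a static pool, so a released
 * request can be inspected here without touching freed memory. */
struct req { struct list_head entry; bool in_use; };
static struct req pool[3];
static struct list_head queue;

static struct req *req_alloc(void) {
    for (int i = 0; i < 3; i++)
        if (!pool[i].in_use) {
            pool[i].in_use = true;
            list_add_tail(&pool[i].entry, &queue);
            return &pool[i];
        }
    return NULL;
}
/* unlink == false models the bug: released while still on the queue list. */
static void req_terminate(struct req *r, bool unlink) {
    if (unlink) list_del(&r->entry);
    r->in_use = false;                /* stands in for freeing the request */
}
/* Walk the queue: count every entry, or only those naming released requests. */
static int walk(bool only_dangling) {
    int n = 0;
    for (struct list_head *p = queue.next; p != &queue; p = p->next)
        n += only_dangling ? !((struct req *)p)->in_use : 1; /* entry is first member */
    return n;
}
/* Queue three requests, terminate the middle one before commit, reuse its slot.
 * *dangling: released requests still linked. Returns entries reachable after reuse. */
int scenario(bool unlink, int *dangling) {
    memset(pool, 0, sizeof(pool));
    queue.next = queue.prev = &queue;
    req_alloc();
    struct req *b = req_alloc();
    req_alloc();
    req_terminate(b, unlink);
    *dangling = walk(true);
    req_alloc();                      /* slot reuse re-links the same node */
    return walk(false);
}
```

Without the unlink, one released request stays on the list, and after the slot is reused only two of the three live requests are reachable from the queue head. With the unlink, no dangling entry remains and all three are reachable.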
Affected products: 1
Patches: 0. No patches discovered yet.
References: 2
News mentions: 0. No linked articles in our index yet.