VYPR
Unrated severity · NVD Advisory · Published Jan 13, 2026 · Updated Apr 15, 2026

CVE-2025-68814

Description

In the Linux kernel, the following vulnerability has been resolved:

io_uring: fix filename leak in __io_openat_prep()

__io_openat_prep() allocates a struct filename using getname(). However, for the condition of the file being installed in the fixed file table as well as having O_CLOEXEC flag set, the function returns early. At that point, the request doesn't have REQ_F_NEED_CLEANUP flag set. Due to this, the memory for the newly allocated struct filename is not cleaned up, causing a memory leak.

Fix this by setting the REQ_F_NEED_CLEANUP for the request just after the successful getname() call, so that when the request is torn down, the filename will be cleaned up, along with other resources needing cleanup.
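The flag-ordering problem described above, reduced to a user-space C model. This is an added example, not kernel code and not taken from the fix commit: `model_req`, `model_getname`, `model_openat_prep`, `model_req_teardown`, `leaked_after`, the flag values and the sample path are all assumptions made for illustration.

```c
#include <stdlib.h>
#include <string.h>
#define REQ_F_NEED_CLEANUP 0x1u      /* flag name from the advisory; value arbitrary */
#define MODEL_O_CLOEXEC    0x80000   /* stand-in for O_CLOEXEC in this model */

struct model_req {                   /* hypothetical stand-in for an io_uring request */
    unsigned flags;
    char *filename;                  /* stand-in for struct filename */
};

/* Stand-in for getname(): heap-allocate a copy of the path. */
static char *model_getname(const char *path) {
    char *name = malloc(strlen(path) + 1);
    if (name) strcpy(name, path);
    return name;
}

/* Prep step. fixed_order == 0 models the pre-fix ordering, 1 the fixed one. */
static int model_openat_prep(struct model_req *req, const char *path,
                             unsigned file_slot, int oflags, int fixed_order) {
    req->filename = model_getname(path);
    if (!req->filename) return -1;
    if (fixed_order) req->flags |= REQ_F_NEED_CLEANUP;      /* fix: right after getname */
    if (file_slot && (oflags & MODEL_O_CLOEXEC)) return -1; /* the early return */
    req->flags |= REQ_F_NEED_CLEANUP;   /* pre-fix: only reached on the normal path */
    return 0;
}

/* Teardown releases the filename only when the cleanup flag is set. */
static void model_req_teardown(struct model_req *req) {
    if (req->flags & REQ_F_NEED_CLEANUP) { free(req->filename); req->filename = NULL; }
    req->flags = 0;
}

/* Prepare and tear down n requests; count filenames that teardown left behind. */
static int leaked_after(int n, unsigned file_slot, int oflags, int fixed_order) {
    int leaked = 0;
    for (int i = 0; i < n; i++) {
        struct model_req req = {0};
        (void)model_openat_prep(&req, "/tmp/constructed", file_slot, oflags, fixed_order);
        model_req_teardown(&req);
        /* An orphaned allocation is the leak; free it here so the demo stays clean. */
        if (req.filename) { leaked++; free(req.filename); }
    }
    return leaked;
}

int main(void) { return leaked_after(100, 1, MODEL_O_CLOEXEC, 0) == 100 ? 0 : 1; }
```

With the pre-fix ordering every rejected request orphans one allocation, while the normal path and the fixed ordering orphan none.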

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

In the Linux kernel's io_uring subsystem, __io_openat_prep() fails to set a cleanup flag before an early return, leaking memory allocated by getname().

Vulnerability Details

In the Linux kernel's io_uring subsystem, the function __io_openat_prep() allocates a struct filename via getname(). However, when the file is to be installed in the fixed file table and has the O_CLOEXEC flag set, the function returns early without setting the REQ_F_NEED_CLEANUP flag on the request. This omission means the allocated struct filename is never freed, causing a memory leak [1][2][3].

Exploitation and Impact

An attacker who can trigger the affected code path (by submitting an IORING_OP_OPENAT request with the appropriate flags) could cause the kernel to leak memory. Repeated exploitation would lead to exhaustion of system memory, resulting in a denial of service (DoS) condition. The vulnerability does not require any special privileges beyond the ability to use io_uring, which is available to unprivileged users in many configurations.

Mitigation

The fix, which sets REQ_F_NEED_CLEANUP immediately after the successful getname() call, has been applied to the Linux kernel stable branches [1][2][3]. Users should update to the latest kernel version that includes the commit. No workaround is available, as the issue is in core kernel code. The CVE is not yet listed on CISA's Known Exploited Vulnerabilities (KEV) catalog.

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
