CVE-2025-68329
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
tracing: Fix WARN_ON in tracing_buffers_mmap_close for split VMAs
When a VMA is split (e.g., by partial munmap or MAP_FIXED), the kernel calls vm_ops->close on each portion. For trace buffer mappings, this results in ring_buffer_unmap() being called multiple times while ring_buffer_map() was only called once.
This causes ring_buffer_unmap() to return -ENODEV on subsequent calls because user_mapped is already 0, triggering a WARN_ON.
Trace buffer mappings cannot support partial mappings because the ring buffer structure requires the complete buffer including the meta page.
Fix this by adding a may_split callback that returns -EINVAL to prevent VMA splits entirely.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | cf9f0f7c4c5bb45e7bb270e48bab6f7837825a64 < 922fdd0b755a84f9933b3ca195f60092b6bb88ee | affected |
| Linux | Linux | cf9f0f7c4c5bb45e7bb270e48bab6f7837825a64 < 45053c12c45f0fb8ef6ab95118dd928d2fec0255 | affected |
| Linux | Linux | cf9f0f7c4c5bb45e7bb270e48bab6f7837825a64 < b042fdf18e89a347177a49e795d8e5184778b5b6 | affected |
| Linux | Linux | 6.10 | affected |
| Linux | Linux | 0 < 6.10 | unaffected |
| Linux | Linux | 6.12.61 <= 6.12.* | unaffected |
| Linux | Linux | 6.17.11 <= 6.17.* | unaffected |
| Linux | Linux | 6.18 <= * | unaffected |
Weaknesses
References
- https://git.kernel.org/stable/c/922fdd0b755a84f9933b3ca195f60092b6bb88ee
- https://git.kernel.org/stable/c/45053c12c45f0fb8ef6ab95118dd928d2fec0255
- https://git.kernel.org/stable/c/b042fdf18e89a347177a49e795d8e5184778b5b6
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.