CVE-2025-68329

Summary

In the Linux kernel, the following vulnerability has been resolved:

tracing: Fix WARN_ON in tracing_buffers_mmap_close for split VMAs

When a VMA is split (e.g., by partial munmap or MAP_FIXED), the kernel calls vm_ops->close on each portion. For trace buffer mappings, this results in ring_buffer_unmap() being called multiple times while ring_buffer_map() was only called once.

This causes ring_buffer_unmap() to return -ENODEV on subsequent calls because user_mapped is already 0, triggering a WARN_ON.

Trace buffer mappings cannot support partial mappings because the ring buffer structure requires the complete buffer including the meta page.

Fix this by adding a may_split callback that returns -EINVAL to prevent VMA splits entirely.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxcf9f0f7c4c5bb45e7bb270e48bab6f7837825a64 < 922fdd0b755a84f9933b3ca195f60092b6bb88eeaffected
LinuxLinuxcf9f0f7c4c5bb45e7bb270e48bab6f7837825a64 < 45053c12c45f0fb8ef6ab95118dd928d2fec0255affected
LinuxLinuxcf9f0f7c4c5bb45e7bb270e48bab6f7837825a64 < b042fdf18e89a347177a49e795d8e5184778b5b6affected
LinuxLinux6.10affected
LinuxLinux0 < 6.10unaffected
LinuxLinux6.12.61 <= 6.12.*unaffected
LinuxLinux6.17.11 <= 6.17.*unaffected
LinuxLinux6.18 <= *unaffected

Weaknesses

References