CVE-2025-68805

Summary

In the Linux kernel, the following vulnerability has been resolved:

fuse: fix io-uring list corruption for terminated non-committed requests

When a request is terminated before it has been committed, the request is not removed from the queue's list. This leaves a dangling list entry that leads to list corruption and use-after-free issues.

Remove the request from the queue's list for terminated non-committed requests.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxc090c8abae4b6b77a1bee116aa6c385456ebef96 < a6d1f1ace16d0e777a85f84267160052d3499b6eaffected
LinuxLinuxc090c8abae4b6b77a1bee116aa6c385456ebef96 < 95c39eef7c2b666026c69ab5b30471da94ea2874affected
LinuxLinux6.14affected
LinuxLinux0 < 6.14unaffected
LinuxLinux6.18.3 <= 6.18.*unaffected
LinuxLinux6.19 <= *unaffected

Weaknesses

References