AZL-74381

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-74381.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-74381

Upstream

CVE-2025-68814

Published

2026-01-13T16:16:03Z

Modified

2026-04-01T05:22:43.401960Z

Summary

CVE-2025-68814 affecting package kernel for versions less than 6.6.121.1-1

Details

In the Linux kernel, the following vulnerability has been resolved:

io_uring: fix filename leak in __ioopenatprep()

__ioopenatprep() allocates a struct filename using getname(). However, for the condition of the file being installed in the fixed file table as well as having OCLOEXEC flag set, the function returns early. At that point, the request doesn't have REQFNEEDCLEANUP flag set. Due to this, the memory for the newly allocated struct filename is not cleaned up, causing a memory leak.

Fix this by setting the REQFNEED_CLEANUP for the request just after the successful getname() call, so that when the request is torn down, the filename will be cleaned up, along with other resources needing cleanup.

References

https://nvd.nist.gov/vuln/detail/CVE-2025-68814

Affected packages

Azure Linux:3 / kernel

Package

Name: kernel
Purl: pkg:rpm/azure-linux/kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.6.121.1-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-74381.json"