CVE-2025-68376

When ETR is enabled as CSMODESYSFS, if the buffer size is changed and enabled again, currently sysfsbuf will point to the newly allocated memory(bufnew) and free the old memory(bufold). But the etrbuf that is being used by the ETR remains pointed to bufold, not updated to bufnew. In this case, it will result in a memory use-after-free issue.

Fix this by checking ETR's mode before updating and releasing bufold, if the mode is CSMODE_SYSFS, then skip updating and releasing it.

Database specific

{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/68xxx/CVE-2025-68376.json",
    "cna_assigner": "Linux"
}

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

bd2767ec3df2775bc336f441f9068a989ccb919d

Fixed

70acbc9c77686b7a521af6d7a543dcd9c324cf07

Fixed

cda077a19f5c8d6ec61e5b97deca203d95e3a422

Fixed

35501ac3c7d40a7bb9568c2f89d6b56beaf9bed3

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

fdd3ceb0001da6768bede9779a0190a42e65c404

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-68376.json"

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

6.6.0

Fixed

6.17.13

Type: ECOSYSTEM
Events: Introduced

6.18.0

Fixed

6.18.2

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-68376.json"