CVE-2025-68292

Severity CVSS v4.0: Pending analysis
Type: Unavailable / Other
Publication date: 16/12/2025
Last modified: 16/12/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

mm/memfd: fix information leak in hugetlb folios

When allocating hugetlb folios for memfd, three initialization steps are missing:

1. Folios are not zeroed, leading to kernel memory disclosure to userspace
2. Folios are not marked uptodate before adding to page cache
3. hugetlb_fault_mutex is not taken before hugetlb_add_to_page_cache()

The memfd allocation path bypasses the normal page fault handler (hugetlb_no_page) which would handle all of these initialization steps. This is problematic especially for udmabuf use cases where folios are pinned and directly accessed by userspace via DMA.

Fix by matching the initialization pattern used in hugetlb_no_page():
- Zero the folio using folio_zero_user() which is optimized for huge pages
- Mark it uptodate with folio_mark_uptodate()
- Take hugetlb_fault_mutex before adding to page cache to prevent races

The folio_zero_user() change also fixes a potential security issue where uninitialized kernel memory could be disclosed to userspace through read() or mmap() operations on the memfd.

Impact