CVE-2025-68212

Published: Dec 16, 2025

Modified: May 11, 2026

PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved: fs: Fix uninitialized 'offp' in statmount_string() In statmount_string(), most flags assign an output offset pointer (offp) which is later updated with the string offset. However, the STATMOUNT_MNT_UIDMAP and STATMOUNT_MNT_GIDMAP cases directly set the struct fields instead of using offp. This leaves offp uninitialized, leading to a possible uninitialized dereference when *offp is updated. Fix it by assigning offp for UIDMAP and GIDMAP as well, keeping the code path consistent.

Vendor	Product	Versions
Linux	Linux	affected `37c4a9590e1efcae7749682239fc22a330d2d325 - < acfde9400e611c8d2668f1c70053c4a1d6ecfc36` affected `37c4a9590e1efcae7749682239fc22a330d2d325 - < 0778ac7df5137d5041783fadfc201f8fd55a1d9b`
Linux	Linux	affected `6.15` unaffected `0 - < 6.15` unaffected `6.17.10 - <= 6.17.` unaffected `6.18 - <= `

References

https://git.kernel.org/stable/c/acfde9400e611c8d2668f1c70053c4a1d6ecfc36

https://git.kernel.org/stable/c/0778ac7df5137d5041783fadfc201f8fd55a1d9b

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-68212

Description

Affected Products

References