Skip to main content

Linux Kernel CVE-2025-68239

2025-12-16 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Lifecycle Timeline

2
Analysis Generated
Mar 25, 2026 - 11:22 vuln.today
CVE Published
Dec 16, 2025 - 15:15 nvd
N/A

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

binfmt_misc: restore write access before closing files opened by open_exec()

bm_register_write() opens an executable file using open_exec(), which internally calls do_open_execat() and denies write access on the file to avoid modification while it is being executed.

However, when an error occurs, bm_register_write() closes the file using filp_close() directly. This does not restore the write permission, which may cause subsequent write operations on the same file to fail.

Fix this by calling exe_file_allow_write_access() before filp_close() to restore the write permission properly.

AnalysisAI

Linux kernel binfmt_misc module fails to restore write access to executable files when error handling closes improperly opened file descriptors, potentially causing subsequent write operations on the same file to fail and creating a denial-of-service condition for legitimate file modifications. The vulnerability affects the bm_register_write() function which uses open_exec() to open executable files with intentionally denied write permissions, but does not call exe_file_allow_write_access() before closing the file on error paths. With an EPSS score of 0.03% (8th percentile), this represents a low exploitation probability; no public exploit has been identified at time of analysis.

Technical ContextAI

The Linux kernel binfmt_misc subsystem manages binary format handlers and uses open_exec() to safely open executable files while denying write access through do_open_execat(). The open_exec() function internally invokes deny_write_access() to prevent file modification while execution is occurring. However, error paths in bm_register_write() call filp_close() directly without first restoring write permissions via exe_file_allow_write_access(). This is a resource management issue (CWE class involving improper cleanup of resources) where the file descriptor is closed but the associated write-denial state persists in the inode structure. The root cause lies in asymmetric error handling where the deny_write_access state acquired during open_exec() is not properly reversed before file closure.

Affected ProductsAI

The Linux kernel is affected; specific version ranges are not explicitly defined in the provided data but the vulnerability exists in the binfmt_misc module across multiple stable kernel branches based on the five referenced commits. The fixes are available in stable kernel series as indicated by the git.kernel.org stable branch commits: 480ac88431703f2adbb8e6b5bd73c3f3cf9f3d7f, 6cce7bc7fac8471c832696720d9c8f2a976d9c54, 90f601b497d76f40fa66795c3ecf625b6aced9fd, e785f552ab04dbca01d31f0334f4561240b04459, and fbab8c08e1a6dbaef81e22d672a7647553101d16. Linux distributions shipping affected kernel versions prior to receiving these patches are impacted, though the exact affected kernel versions are not enumerated in the provided intelligence.

RemediationAI

Apply kernel updates from your Linux distribution that include the binfmt_misc write access restoration fix. Upstream patches are available via the Linux kernel stable branches referenced at https://git.kernel.org/stable/c/480ac88431703f2adbb8e6b5bd73c3f3cf9f3d7f and related commits. System administrators should prioritize kernel updates from their distribution vendor (Red Hat, Canonical, SUSE, Debian, etc.) which will backport these fixes into their supported kernel versions. Until patching is completed, the vulnerability only manifests when bm_register_write() encounters errors during binary format handler registration, so limiting use of custom binfmt_misc handlers to trusted configurations provides partial mitigation. No workaround at the application or configuration level can prevent the underlying kernel-level issue; patching is the primary remediation path.

CVE-2022-0847 HIGH POC
7.8 Mar 10

Linux kernel contains a flaw known as 'Dirty Pipe' where improper pipe buffer flag initialization allows unprivileged lo

CVE-2015-1328 HIGH POC
7.8 Nov 28

The overlayfs implementation in the linux (aka Linux kernel) package before 3.19.0-21.21 in Ubuntu through 15.04 does no

CVE-2017-7308 HIGH POC
7.8 Mar 29

The packet_set_ring function in net/packet/af_packet.c in the Linux kernel through 4.10.6 does not properly validate cer

CVE-2017-16995 HIGH POC
7.8 Dec 27

The check_alu_op function in kernel/bpf/verifier.c in the Linux kernel through 4.4 allows local users to cause a denial

CVE-2017-1000112 HIGH POC
7.0 Oct 05

Linux kernel: Exploitable memory corruption due to UFO to non-UFO path switch. Rated high severity (CVSS 7.0). Public ex

CVE-2015-8660 MEDIUM POC
6.7 Dec 28

The ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel through 4.3.3 attempts to merge distinct setattr op

CVE-2012-0056 MEDIUM POC
6.9 Jan 27

The mem_write function in the Linux kernel before 3.2.2, when ASLR is disabled, does not properly check permissions when

CVE-2014-0038 MEDIUM POC
6.9 Feb 06

The compat_sys_recvmmsg function in net/compat.c in the Linux kernel before 3.13.2, when CONFIG_X86_X32 is enabled, allo

CVE-2016-8655 HIGH POC
7.8 Dec 08

Race condition in net/packet/af_packet.c in the Linux kernel through 4.8.12 allows local users to gain privileges or cau

CVE-2016-0728 HIGH POC
7.8 Feb 08

The join_session_keyring function in security/keys/process_keys.c in the Linux kernel before 4.4.1 mishandles object ref

CVE-2017-0561 CRITICAL POC
9.8 Apr 07

A remote code execution vulnerability in the Broadcom Wi-Fi firmware could enable a remote attacker to execute arbitrary

CVE-2022-2588 MEDIUM POC
5.3 Jan 08

It was discovered that the cls_route filter implementation in the Linux kernel would not remove an old filter from the h

Share

CVE-2025-68239 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy