{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-68247", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-12-16T13:41:40.266Z", "datePublished": "2025-12-16T14:21:24.359Z", "dateUpdated": "2025-12-16T14:21:24.359Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-12-16T14:21:24.359Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nposix-timers: Plug potential memory leak in do_timer_create()\n\nWhen posix timer creation is set to allocate a given timer ID and the\naccess to the user space value faults, the function terminates without\nfreeing the already allocated posix timer structure.\n\nMove the allocation after the user space access to cure that.\n\n[ tglx: Massaged change log ]"}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["kernel/time/posix-timers.c"], "versions": [{"version": "ec2d0c04624b3c8a7eb1682e006717fa20cfbe24", "lessThan": "f417f44524e7fc098e787c718d838b32723c0b2d", "status": "affected", "versionType": "git"}, {"version": "ec2d0c04624b3c8a7eb1682e006717fa20cfbe24", "lessThan": "e0fd4d42e27f761e9cc82801b3f183e658dc749d", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["kernel/time/posix-timers.c"], "versions": [{"version": "6.15", "status": "affected"}, {"version": "0", "lessThan": "6.15", "status": "unaffected", "versionType": "semver"}, {"version": "6.17.9", "lessThanOrEqual": "6.17.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.15", "versionEndExcluding": "6.17.9"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.15", "versionEndExcluding": "6.18"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/f417f44524e7fc098e787c718d838b32723c0b2d"}, {"url": "https://git.kernel.org/stable/c/e0fd4d42e27f761e9cc82801b3f183e658dc749d"}], "title": "posix-timers: Plug potential memory leak in do_timer_create()", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nposix-timers: Plug potential memory leak in do_timer_create()\n\nWhen posix timer creation is set to allocate a given timer ID and the\naccess to the user space value faults, the function terminates without\nfreeing the already allocated posix timer structure.\n\nMove the allocation after the user space access to cure that.\n\n[ tglx: Massaged change log ]"}], "id": "CVE-2025-68247", "lastModified": "2025-12-16T15:15:53.987", "metrics": {}, "published": "2025-12-16T15:15:53.987", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/e0fd4d42e27f761e9cc82801b3f183e658dc749d"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/f417f44524e7fc098e787c718d838b32723c0b2d"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Received"}

{}

{}