{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-68805", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-12-24T10:30:51.045Z", "datePublished": "2026-01-13T15:29:13.119Z", "dateUpdated": "2026-05-11T21:53:40.862Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-11T21:53:40.862Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfuse: fix io-uring list corruption for terminated non-committed requests\n\nWhen a request is terminated before it has been committed, the request\nis not removed from the queue's list. This leaves a dangling list entry\nthat leads to list corruption and use-after-free issues.\n\nRemove the request from the queue's list for terminated non-committed\nrequests."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/fuse/dev_uring.c"], "versions": [{"version": "c090c8abae4b6b77a1bee116aa6c385456ebef96", "lessThan": "a6d1f1ace16d0e777a85f84267160052d3499b6e", "status": "affected", "versionType": "git"}, {"version": "c090c8abae4b6b77a1bee116aa6c385456ebef96", "lessThan": "95c39eef7c2b666026c69ab5b30471da94ea2874", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/fuse/dev_uring.c"], "versions": [{"version": "6.14", "status": "affected"}, {"version": "0", "lessThan": "6.14", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.3", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.14", "versionEndExcluding": "6.18.3"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.14", "versionEndExcluding": "6.19"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/a6d1f1ace16d0e777a85f84267160052d3499b6e"}, {"url": "https://git.kernel.org/stable/c/95c39eef7c2b666026c69ab5b30471da94ea2874"}], "title": "fuse: fix io-uring list corruption for terminated non-committed requests", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfuse: fix io-uring list corruption for terminated non-committed requests\n\nWhen a request is terminated before it has been committed, the request\nis not removed from the queue's list. This leaves a dangling list entry\nthat leads to list corruption and use-after-free issues.\n\nRemove the request from the queue's list for terminated non-committed\nrequests."}, {"lang": "es", "value": "En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\nfuse: corrige la corrupci\u00f3n de la lista de io-uring para solicitudes terminadas no confirmadas\n\nCuando una solicitud es terminada antes de que haya sido confirmada, la solicitud no es eliminada de la lista de la cola. Esto deja una entrada de lista colgante que lleva a la corrupci\u00f3n de la lista y a problemas de uso despu\u00e9s de liberaci\u00f3n.\n\nEliminar la solicitud de la lista de la cola para solicitudes terminadas no confirmadas."}], "id": "CVE-2025-68805", "lastModified": "2026-04-15T00:35:42.020", "metrics": {}, "published": "2026-01-13T16:16:02.637", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/95c39eef7c2b666026c69ab5b30471da94ea2874"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/a6d1f1ace16d0e777a85f84267160052d3499b6e"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Deferred"}

{"bugzilla": {"description": "kernel: fuse: fix io-uring list corruption for terminated non-committed requests", "id": "2429105", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2429105"}, "csaw": false, "details": ["In the Linux kernel, the following vulnerability has been resolved:\nfuse: fix io-uring list corruption for terminated non-committed requests\nWhen a request is terminated before it has been committed, the request\nis not removed from the queue's list. This leaves a dangling list entry\nthat leads to list corruption and use-after-free issues.\nRemove the request from the queue's list for terminated non-committed\nrequests."], "name": "CVE-2025-68805", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-01-13T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-68805\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-68805\nhttps://lore.kernel.org/linux-cve-announce/2026011309-CVE-2025-68805-3284@gregkh/T"]}

{}