What is CVE-2025-68356?

CVE-2025-68356 is a unscored severity Linux kernel vulnerability, affecting Linux kernel versions from 6.6 onward and patched in 6.12.63, 6.17.13, 6.18.2 and others. CVE-2025-68356 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is the CVSS score for CVE-2025-68356?

CVE-2025-68356 has a CVSS score of pending NVD analysis out of 10, rated awaiting scoring severity.

Is there a patch available for CVE-2025-68356?

Yes, CVE-2025-68356 has been patched. Fixed versions include 6.12.63, 6.17.13, 6.18.2 and others. If you are running Linux kernel 6.6 or later up to the fix versions, apply the relevant patch for your kernel branch.

Is CVE-2025-68356 actively exploited?

CVE-2025-68356 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

CVE-2025-68356

In the Linux kernel, the following vulnerability has been resolved: gfs2: Prevent recursive memory reclaim Function new_inode() returns a new inode with inode->i_mapping->gfp_mask set to GFP_HIGHUSER_MOVABLE. This value includes the __GFP_FS flag, so allocations in that address space can recurse into filesystem memory reclaim. We don't want that to happen because it can consume a significant amount of stack memory. Worse than that is that it can also deadlock: for example, in several places, gfs2_unstuff_dinode() is called inside filesystem transactions. This calls filemap_grab_folio(), which can allocate a new folio, which can trigger memory reclaim. If memory reclaim recurses into the filesystem and starts another transaction, a deadlock will ensue. To fix these kinds of problems, prevent memory reclaim from recursing into filesystem code by making sure that the gfp_mask of inode address spaces doesn't include __GFP_FS. The "meta" and resource group address spaces were already using GFP_NOFS as their gfp_mask (which doesn't include __GFP_FS). The default value of GFP_HIGHUSER_MOVABLE is less restrictive than GFP_NOFS, though. To avoid being overly limiting, use the default value and only knock off the __GFP_FS flag. I'm not sure if this will actually make a difference, but it also shouldn't hurt. This patch is loosely based on commit ad22c7a043c2 ("xfs: prevent stack overflows from page cache allocation"). Fixes xfstest generic/273.

Package Linux Kernel

Published 2025-12-24

Last modified 2026-04-15

Patch available

Yes

Affected versions

Linux kernel versions 6.6 and later are affected. Fixed in 6.12.63, 6.17.13, 6.18.2, 6.19 and their respective stable series.

Affected from

≥ 6.6

Fixed in

✓ 6.12.63 6.12.x ✓ 6.17.13 6.17.x ✓ 6.18.2 6.18.x ✓ 6.19

References

The following references provide additional information about CVE-2025-68356 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Kernel patch commit
https://git.kernel.org/stable/c/2c5f4a53476e3cab70adc77b38942c066bd2c17c
Patch
Kernel patch commit
https://git.kernel.org/stable/c/49e7347f4644d031306d56cb4d51e467cbdcbc69
Patch
Kernel patch commit
https://git.kernel.org/stable/c/9c0960ed112398bdb6c60ccf6e6b583bc59acede
Patch

4 patch commits total View all on NVD

Frequently asked questions

What is CVE-2025-68356?

CVE-2025-68356 is a unscored severity Linux kernel vulnerability . It affects Linux kernel versions from 6.6 onward and has been patched in 6.12.63, 6.17.13, 6.18.2 and others. CVE-2025-68356 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
Is there a patch available for CVE-2025-68356?

Yes — CVE-2025-68356 has been patched. Fixed versions include 6.12.63, 6.17.13, 6.18.2 and others. If you are running Linux kernel 6.6 or later up to the fix versions, apply the relevant patch for your kernel branch.
Is CVE-2025-68356 actively exploited?

No — CVE-2025-68356 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.