Description

In the Linux kernel, the following vulnerability has been resolved: fs: Fix uninitialized 'offp' in statmount_string() In statmount_string(), most flags assign an output offset pointer (offp) which is later updated with the string offset. However, the STATMOUNT_MNT_UIDMAP and STATMOUNT_MNT_GIDMAP cases directly set the struct fields instead of using offp. This leaves offp uninitialized, leading to a possible uninitialized dereference when *offp is updated. Fix it by assigning offp for UIDMAP and GIDMAP as well, keeping the code path consistent.

INFO

Published Date :

2025-12-16T13:57:08.327Z

Last Modified :

2026-01-17T15:46:46.600Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2025-68212 vulnerability.

Vendors Products
Linux
  • Linux Kernel
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-68212.

URL Resource
https://git.kernel.org/stable/c/0778ac7df5137d5041783fadfc201f8fd55a1d9b cve-icon cve-icon
https://git.kernel.org/stable/c/acfde9400e611c8d2668f1c70053c4a1d6ecfc36 cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2025121630-CVE-2025-68212-eab7@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-68212 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-68212 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact