Memory Leak in Linux Kernel's Timer Mechanism

CVE-2025-68247

What is CVE-2025-68247?

A memory leak vulnerability has been identified in the Linux kernel's posix-timers functionality. The issue arises during the creation of posix timers when the allocation of a timer ID occurs but fails due to a fault in accessing user space values. As a result, the function exits without freeing the posix timer structure that was already allocated, potentially leading to resource depletion and decreased system performance. To address this vulnerability, developers have relocated the allocation process to occur after user space access, ensuring proper memory management.

References