CVE-2025-68329

Published: December 23, 2025Last modified: December 23, 2025

Description

In the Linux kernel, the following vulnerability has been resolved: tracing: Fix WARN_ON in tracing_buffers_mmap_close for split VMAs When a VMA is split (e.g., by partial munmap or MAP_FIXED), the kernel calls vm_ops->close on each portion. For trace buffer mappings, this results in ring_buffer_unmap() being called multiple times while ring_buffer_map() was only called once. This causes ring_buffer_unmap() to return -ENODEV on subsequent calls because user_mapped is already 0, triggering a WARN_ON. Trace buffer mappings cannot support partial mappings because the ring buffer structure requires the complete buffer including the meta page. Fix this by adding a may_split callback that returns -EINVAL to prevent VMA splits entirely.

Status

Product	Release	Package	Status
Alpaquita Linux	23 LTS	linux-lts	Not affected (6.1.33-r0)
	25 LTS	linux-lts	Fixed (6.12.61-r0)
	Stream	linux-lts	Fixed (6.12.61-r0)

References

https://git.kernel.org/stable/c/45053c12c45f0fb8ef6ab95118dd928d2fec0255
https://git.kernel.org/stable/c/922fdd0b755a84f9933b3ca195f60092b6bb88ee
https://git.kernel.org/stable/c/b042fdf18e89a347177a49e795d8e5184778b5b6