Description
In the Linux kernel, the following vulnerability has been resolved:

crash: fix crashkernel resource shrink

When crashkernel is configured with a high reservation, shrinking its value below the low crashkernel reservation causes two issues:

1. Invalid crashkernel resource objects
2. Kernel crash if crashkernel shrinking is done twice

For example, with crashkernel=200M,high, the kernel reserves 200MB of high memory and some default low memory (say 256MB). The reservation appears as:

    cat /proc/iomem | grep -i crash
    af000000-beffffff : Crash kernel
    433000000-43f7fffff : Crash kernel

If crashkernel is then shrunk to 50MB (echo 52428800 > /sys/kernel/kexec_crash_size), /proc/iomem still shows 256MB reserved:

    af000000-beffffff : Crash kernel

Instead, it should show 50MB:

    af000000-b21fffff : Crash kernel

Further shrinking crashkernel to 40MB causes a kernel crash with the following trace (x86):

    BUG: kernel NULL pointer dereference, address: 0000000000000038
    PGD 0 P4D 0
    Oops: 0000 [#1] PREEMPT SMP NOPTI
    <snip...>
    Call Trace:
     <TASK>
     ? __die_body.cold+0x19/0x27
     ? page_fault_oops+0x15a/0x2f0
     ? search_module_extables+0x19/0x60
     ? search_bpf_extables+0x5f/0x80
     ? exc_page_fault+0x7e/0x180
     ? asm_exc_page_fault+0x26/0x30
     ? __release_resource+0xd/0xb0
     release_resource+0x26/0x40
     __crash_shrink_memory+0xe5/0x110
     crash_shrink_memory+0x12a/0x190
     kexec_crash_size_store+0x41/0x80
     kernfs_fop_write_iter+0x141/0x1f0
     vfs_write+0x294/0x460
     ksys_write+0x6d/0xf0
    <snip...>

This happens because __crash_shrink_memory() in kernel/crash_core.c incorrectly updates the crashk_res resource object even when crashk_low_res should be updated. Fix this by ensuring the correct crashkernel resource object is updated when shrinking crashkernel memory.
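The stale-resource symptom above is visible from user space: after a shrink, the "Crash kernel" ranges in /proc/iomem no longer add up to the size written to /sys/kernel/kexec_crash_size. The following is an added example, not code from the kernel or from the CVE record. It parses /proc/iomem lines in the format shown in the description, sums the crashkernel regions and compares the total with a requested size, so an administrator can verify a shrink took effect on the right resource before attempting a second one. The sample iomem snippets are constructed from the ranges quoted above (the "System RAM" line is a made-up filler entry); the assumption that the written value is the total that should remain reserved follows the description's own 50MB example.

```python
"""Consistency check for crashkernel reservations in /proc/iomem (added example)."""
import re
from typing import List, Tuple

MIB = 1024 * 1024

# /proc/iomem prints "start-end : name" with hex, inclusive addresses.
# Nested resources are indented, so leading whitespace is tolerated.
_IOMEM_LINE = re.compile(r"^\s*([0-9a-f]+)-([0-9a-f]+)\s*:\s*(.+?)\s*$")

# Constructed sample inputs, taken from the ranges quoted in the description.
BEFORE_SHRINK = """\
00001000-0009ffff : System RAM
af000000-beffffff : Crash kernel
433000000-43f7fffff : Crash kernel
"""
# What the buggy kernel shows after "echo 52428800 > kexec_crash_size".
BUGGY_AFTER_SHRINK = "af000000-beffffff : Crash kernel\n"
# What the fixed kernel shows for the same shrink.
FIXED_AFTER_SHRINK = "af000000-b21fffff : Crash kernel\n"


def parse_crash_regions(iomem_text: str) -> List[Tuple[int, int]]:
    """Return (start, end) for every 'Crash kernel' resource, end inclusive."""
    regions = []
    for line in iomem_text.splitlines():
        m = _IOMEM_LINE.match(line)
        if not m or m.group(3) != "Crash kernel":
            continue
        start, end = int(m.group(1), 16), int(m.group(2), 16)
        if end < start:
            raise ValueError(f"malformed range: {line.strip()}")
        if start == 0 and end == 0:
            # /proc/iomem hides addresses from unprivileged readers; the
            # check is meaningless without real addresses, so refuse.
            raise PermissionError("addresses are masked; read /proc/iomem as root")
        regions.append((start, end))
    return regions


def region_size(region: Tuple[int, int]) -> int:
    """Size in bytes of an inclusive (start, end) range."""
    start, end = region
    return end - start + 1


def total_crash_size(iomem_text: str) -> int:
    """Bytes currently reserved across all crashkernel resources."""
    return sum(region_size(r) for r in parse_crash_regions(iomem_text))


def check_shrink(iomem_text: str, requested_bytes: int) -> Tuple[bool, int]:
    """Return (matches, reserved_bytes): True when the reservation equals
    the size that was written to kexec_crash_size."""
    reserved = total_crash_size(iomem_text)
    return reserved == requested_bytes, reserved


def check_live(requested_bytes: int) -> Tuple[bool, int]:
    """Run the same check against the running system (needs root)."""
    with open("/proc/iomem") as f:
        return check_shrink(f.read(), requested_bytes)


if __name__ == "__main__":
    req = 50 * MIB  # 52428800, the value echoed in the description
    for label, text in (("before", BEFORE_SHRINK),
                        ("buggy", BUGGY_AFTER_SHRINK),
                        ("fixed", FIXED_AFTER_SHRINK)):
        ok, reserved = check_shrink(text, req)
        print(f"{label:>6}: reserved {reserved // MIB} MiB, "
              f"{'matches' if ok else 'DOES NOT match'} requested {req // MIB} MiB")
```

On an affected kernel the "buggy" case reports 256 MiB still reserved after a 50 MiB shrink, which is the state that makes a second shrink fault in __crash_shrink_memory(); seeing that mismatch on a live system is the cue to stop rather than shrink again. A zero-sized crashkernel reservation after the check is also worth alerting on, since it leaves no memory for kdump.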
Product status
16c6006af4d4e70ecef93977a5314409d931020b (git) before f01f9c348d76d40bf104a94449e3ce4057fdefee
16c6006af4d4e70ecef93977a5314409d931020b (git) before f89c5e7077f63e45e8ba5a77b7cf0803130367e6
16c6006af4d4e70ecef93977a5314409d931020b (git) before a2bd247f8c6c5ac3f0ba823a2fffd77bb9cdf618
16c6006af4d4e70ecef93977a5314409d931020b (git) before 00fbff75c5acb4755f06f08bd1071879c63940c5
6.5
Any version before 6.5
6.6.118 (semver)
6.12.59 (semver)
6.17.9 (semver)
6.18 (original_commit_for_fix)
References
git.kernel.org/...c/f01f9c348d76d40bf104a94449e3ce4057fdefee
git.kernel.org/...c/f89c5e7077f63e45e8ba5a77b7cf0803130367e6
git.kernel.org/...c/a2bd247f8c6c5ac3f0ba823a2fffd77bb9cdf618
git.kernel.org/...c/00fbff75c5acb4755f06f08bd1071879c63940c5
Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.