CVE-2025-68293 in Linux

Summary

by MITRE • 12/16/2025

In the Linux kernel, the following vulnerability has been resolved:

mm/huge_memory: fix NULL pointer deference when splitting folio

Commit c010d47f107f ("mm: thp: split huge page to any lower order pages") introduced an early check on the folio's order via mapping->flags before proceeding with the split work.

This check introduced a bug: for shmem folios in the swap cache and truncated folios, the mapping pointer can be NULL. Accessing mapping->flags in this state leads directly to a NULL pointer dereference.

This commit fixes the issue by moving the check for mapping != NULL before any attempt to access mapping->flags.


Analysis

by VulDB Data Team • 02/22/2026

The vulnerability identified as CVE-2025-68293 represents a critical NULL pointer dereference flaw within the Linux kernel's memory management subsystem, specifically affecting the huge memory handling mechanisms. This issue manifests in the mm/huge_memory component where the kernel attempts to split folios during memory management operations. The vulnerability arises from improper handling of memory mapping structures during the folio splitting process, creating a potential crash condition that could be exploited to disrupt system operations or potentially escalate privileges.

The technical root cause stems from a regression introduced in commit c010d47f107f which implemented a check on folio order through mapping->flags before proceeding with split operations. This change inadvertently created a race condition or logic flaw where the code attempts to access mapping->flags without first validating whether the mapping pointer itself is NULL. This particular scenario occurs specifically with shmem folios located in the swap cache and truncated folios, where the mapping structure may legitimately be NULL during certain transitional states of memory management operations. The flaw aligns with CWE-476 which identifies NULL pointer dereference as a common security vulnerability pattern.

The operational impact of this vulnerability extends beyond simple system crashes, potentially enabling denial of service attacks against running systems. When a malicious actor can trigger the specific conditions that lead to this NULL pointer dereference, the kernel will crash and restart, resulting in service interruption. In high-availability environments, this could provide an avenue for persistent disruption. The vulnerability particularly affects systems heavily utilizing transparent huge pages and shared memory mechanisms, making it relevant to database servers, virtualization platforms, and other memory-intensive applications. From an ATT&CK framework perspective, this vulnerability could be leveraged as a pre-exploitation technique for system stability disruption before more sophisticated attacks.

The fix implemented addresses the core issue by reordering the validation logic to ensure that mapping != NULL is checked before any access to mapping->flags occurs. This simple but critical change prevents the NULL pointer dereference by establishing proper defensive programming practices. The solution follows established security principles of input validation and defensive coding, ensuring that all pointer accesses are properly validated before use. System administrators should prioritize applying this patch to all affected kernel versions, particularly those running memory-intensive workloads or systems utilizing transparent huge pages. The vulnerability demonstrates the importance of thorough testing of memory management code changes, especially in kernel space where such flaws can have cascading effects on system stability and security posture.
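The check-ordering problem described in the summary and in the analysis above, as an added user-space model that is neither the kernel's code nor VulDB's: `struct address_space` and `struct folio` are cut down to the fields involved, and the encoding of the minimum folio order in the low bits of `flags` is an assumption made for the demo. The pre-fix and post-fix orderings sit side by side so the NULL-mapping case (truncated folio, or shmem folio in the swap cache) can be exercised without crashing the process.

```c
/* Added example: simplified user-space model of the folio split order check.
 * Not kernel code; struct layouts and the flag encoding are assumptions. */
#include <errno.h>
#include <stddef.h>
#include <stdbool.h>

/* Assumption: the mapping's minimum supported folio order lives in the
 * low bits of address_space->flags, which is what the check consults. */
#define AS_MIN_ORDER_MASK 0x1fUL

struct address_space {
    unsigned long flags;
};

struct folio {
    struct address_space *mapping; /* NULL once truncated, or for shmem in swap cache */
    bool anon;                     /* anonymous folios carry no mapping to check */
};

static unsigned int mapping_min_folio_order(const struct address_space *mapping)
{
    return (unsigned int)(mapping->flags & AS_MIN_ORDER_MASK);
}

/* Pre-fix ordering: mapping->flags is read before mapping is validated.
 * Calling this with mapping == NULL is the CVE's NULL pointer dereference;
 * a compiler may even drop the later NULL test because the pointer was
 * already dereferenced, which is why the kernel builds with
 * -fno-delete-null-pointer-checks. */
int check_split_order_vulnerable(const struct folio *folio, unsigned int new_order)
{
    if (folio->anon)
        return 0;
    if (new_order < mapping_min_folio_order(folio->mapping)) /* crashes on NULL */
        return -EINVAL;
    if (!folio->mapping)
        return -EBUSY; /* too late: never reached for a NULL mapping */
    return 0;
}

/* Post-fix ordering: the NULL check runs before any access to flags. */
int check_split_order_fixed(const struct folio *folio, unsigned int new_order)
{
    if (folio->anon)
        return 0;
    if (!folio->mapping)
        return -EBUSY; /* truncated or shmem-in-swapcache: refuse the split */
    if (new_order < mapping_min_folio_order(folio->mapping))
        return -EINVAL;
    return 0;
}
```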

Responsible

Linux

Reservation

12/16/2025

Disclosure

12/16/2025

Moderation

accepted

CPE

ready

EPSS

0.00173

KEV

no

Activities

very low
