CVE-2025-68239

ADVISORY - nist

Summary

In the Linux kernel, the following vulnerability has been resolved:

binfmt_misc: restore write access before closing files opened by open_exec()

bm_register_write() opens an executable file using open_exec(), which internally calls do_open_execat() and denies write access on the file to avoid modification while it is being executed.

However, when an error occurs, bm_register_write() closes the file using filp_close() directly. This does not restore the write permission, which may cause subsequent write operations on the same file to fail.

Fix this by calling exe_file_allow_write_access() before filp_close() to restore the write permission properly.

EPSS Score: 0.00164 (0.060)

Common Weakness Enumeration (CWE)

ADVISORY - nist
ADVISORY - redhat

Missing Release of Resource after Effective Lifetime


Sign in to Docker Scout

See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.

Sign in