CVE-2025-68212

UNKNOWN 0.0

fs: Fix uninitialized 'offp' in statmount_string()

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

In the Linux kernel, the following vulnerability has been resolved: fs: Fix uninitialized 'offp' in statmount_string() In statmount_string(), most flags assign an output offset pointer (offp) which is later updated with the string offset. However, the STATMOUNT_MNT_UIDMAP and STATMOUNT_MNT_GIDMAP cases directly set the struct fields instead of using offp. This leaves offp uninitialized, leading to a possible uninitialized dereference when *offp is updated. Fix it by assigning offp for UIDMAP and GIDMAP as well, keeping the code path consistent.

Vendor	linux
Product	linux
Ecosystems	Linux Kernel
Industries	Technology
Published	Dec 16, 2025
Last Updated	May 11, 2026

Stay Ahead of the Next One

Get instant alerts for linux linux

Be the first to know when new unknown vulnerabilities affecting linux linux are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Linux / Linux

37c4a9590e1efcae7749682239fc22a330d2d325 < acfde9400e611c8d2668f1c70053c4a1d6ecfc36 37c4a9590e1efcae7749682239fc22a330d2d325 < 0778ac7df5137d5041783fadfc201f8fd55a1d9b

Linux / Linux

6.15

References

NVD ↗ CVE.org ↗ EPSS Data ↗

git.kernel.org: https://git.kernel.org/stable/c/acfde9400e611c8d2668f1c70053c4a1d6ecfc36 git.kernel.org: https://git.kernel.org/stable/c/0778ac7df5137d5041783fadfc201f8fd55a1d9b