{"id":"CVE-2025-68198","summary":"crash: fix crashkernel resource shrink","details":"In the Linux kernel, the following vulnerability has been resolved:\n\ncrash: fix crashkernel resource shrink\n\nWhen crashkernel is configured with a high reservation, shrinking its\nvalue below the low crashkernel reservation causes two issues:\n\n1. Invalid crashkernel resource objects\n2. Kernel crash if crashkernel shrinking is done twice\n\nFor example, with crashkernel=200M,high, the kernel reserves 200MB of high\nmemory and some default low memory (say 256MB).  The reservation appears\nas:\n\ncat /proc/iomem | grep -i crash\naf000000-beffffff : Crash kernel\n433000000-43f7fffff : Crash kernel\n\nIf crashkernel is then shrunk to 50MB (echo 52428800 \u003e\n/sys/kernel/kexec_crash_size), /proc/iomem still shows 256MB reserved:\naf000000-beffffff : Crash kernel\n\nInstead, it should show 50MB:\naf000000-b21fffff : Crash kernel\n\nFurther shrinking crashkernel to 40MB causes a kernel crash with the\nfollowing trace (x86):\n\nBUG: kernel NULL pointer dereference, address: 0000000000000038\nPGD 0 P4D 0\nOops: 0000 [#1] PREEMPT SMP NOPTI\n\u003csnip...\u003e\nCall Trace: \u003cTASK\u003e\n? __die_body.cold+0x19/0x27\n? page_fault_oops+0x15a/0x2f0\n? search_module_extables+0x19/0x60\n? search_bpf_extables+0x5f/0x80\n? exc_page_fault+0x7e/0x180\n? asm_exc_page_fault+0x26/0x30\n? __release_resource+0xd/0xb0\nrelease_resource+0x26/0x40\n__crash_shrink_memory+0xe5/0x110\ncrash_shrink_memory+0x12a/0x190\nkexec_crash_size_store+0x41/0x80\nkernfs_fop_write_iter+0x141/0x1f0\nvfs_write+0x294/0x460\nksys_write+0x6d/0xf0\n\u003csnip...\u003e\n\nThis happens because __crash_shrink_memory()/kernel/crash_core.c\nincorrectly updates the crashk_res resource object even when\ncrashk_low_res should be updated.\n\nFix this by ensuring the correct crashkernel resource object is updated\nwhen shrinking crashkernel memory.","modified":"2026-04-02T13:03:21.617304Z","published":"2025-12-16T13:48:26.998Z","related":["MGASA-2026-0017","MGASA-2026-0018","SUSE-SU-2026:20207-1","SUSE-SU-2026:20220-1","SUSE-SU-2026:20228-1","openSUSE-SU-2026:20145-1"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/68xxx/CVE-2025-68198.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/00fbff75c5acb4755f06f08bd1071879c63940c5"},{"type":"WEB","url":"https://git.kernel.org/stable/c/a2bd247f8c6c5ac3f0ba823a2fffd77bb9cdf618"},{"type":"WEB","url":"https://git.kernel.org/stable/c/f01f9c348d76d40bf104a94449e3ce4057fdefee"},{"type":"WEB","url":"https://git.kernel.org/stable/c/f89c5e7077f63e45e8ba5a77b7cf0803130367e6"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/68xxx/CVE-2025-68198.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-68198"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"16c6006af4d4e70ecef93977a5314409d931020b"},{"fixed":"f01f9c348d76d40bf104a94449e3ce4057fdefee"},{"fixed":"f89c5e7077f63e45e8ba5a77b7cf0803130367e6"},{"fixed":"a2bd247f8c6c5ac3f0ba823a2fffd77bb9cdf618"},{"fixed":"00fbff75c5acb4755f06f08bd1071879c63940c5"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-68198.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"6.5.0"},{"fixed":"6.6.118"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.7.0"},{"fixed":"6.12.59"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.13.0"},{"fixed":"6.17.9"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-68198.json"}}],"schema_version":"1.7.5"}