CVSS: 7.2EPSS: 0%CPEs: 6EXPL: 0CVE-2025-68766 – irqchip/mchp-eic: Fix error code in mchp_eic_domain_alloc()
https://notcve.org/view.php?id=CVE-2025-68766
05 Jan 2026 — In the Linux kernel, the following vulnerability has been resolved: irqchip/mchp-eic: Fix error code in mchp_eic_domain_alloc() If irq_domain_translate_twocell() sets "hwirq" to >= MCHP_EIC_NIRQ (2) then it results in an out of bounds access. The code checks for invalid values, but doesn't set the error code. Return -EINVAL in that case, instead of returning success. In the Linux kernel, the following vulnerability has been resolved: irqchip/mchp-eic: Fix error code in mchp_eic_domain_alloc() If irq_domain_... • https://git.kernel.org/stable/c/00fa3461c86dd289b441d4d5a6bb236064bd207b •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2025-68765 – mt76: mt7615: Fix memory leak in mt7615_mcu_wtbl_sta_add()
https://notcve.org/view.php?id=CVE-2025-68765
05 Jan 2026 — In the Linux kernel, the following vulnerability has been resolved: mt76: mt7615: Fix memory leak in mt7615_mcu_wtbl_sta_add() In mt7615_mcu_wtbl_sta_add(), an skb sskb is allocated. If the subsequent call to mt76_connac_mcu_alloc_wtbl_req() fails, the function returns an error without freeing sskb, leading to a memory leak. Fix this by calling dev_kfree_skb() on sskb in the error handling path to ensure it is properly released. In the Linux kernel, the following vulnerability has been resolved: mt76: mt761... • https://git.kernel.org/stable/c/99c457d902cf90bdc0df5d57e6156ec108711068 •
CVSS: 7.2EPSS: 0%CPEs: 6EXPL: 0CVE-2025-68764 – NFS: Automounted filesystems should inherit ro,noexec,nodev,sync flags
https://notcve.org/view.php?id=CVE-2025-68764
05 Jan 2026 — In the Linux kernel, the following vulnerability has been resolved: NFS: Automounted filesystems should inherit ro,noexec,nodev,sync flags When a filesystem is being automounted, it needs to preserve the user-set superblock mount options, such as the "ro" flag. In the Linux kernel, the following vulnerability has been resolved: NFS: Automounted filesystems should inherit ro,noexec,nodev,sync flags When a filesystem is being automounted, it needs to preserve the user-set superblock mount options, such as the... • https://git.kernel.org/stable/c/f2aedb713c284429987dc66c7aaf38decfc8da2a •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2025-68763 – crypto: starfive - Correctly handle return of sg_nents_for_len
https://notcve.org/view.php?id=CVE-2025-68763
05 Jan 2026 — In the Linux kernel, the following vulnerability has been resolved: crypto: starfive - Correctly handle return of sg_nents_for_len The return value of sg_nents_for_len was assigned to an unsigned long in starfive_hash_digest, causing negative error codes to be converted to large positive integers. Add error checking for sg_nents_for_len and return immediately on failure to prevent potential buffer overflows. In the Linux kernel, the following vulnerability has been resolved: crypto: starfive - Correctly han... • https://git.kernel.org/stable/c/7883d1b28a2b0e62edcacea22de6b36a1918b15a •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2025-68762 – net: netpoll: initialize work queue before error checks
https://notcve.org/view.php?id=CVE-2025-68762
05 Jan 2026 — In the Linux kernel, the following vulnerability has been resolved: net: netpoll: initialize work queue before error checks Prevent a kernel warning when netconsole setup fails on devices with IFF_DISABLE_NETPOLL flag. The warning (at kernel/workqueue.c:4242 in __flush_work) occurs because the cleanup path tries to cancel an uninitialized work queue. When __netpoll_setup() encounters a device with IFF_DISABLE_NETPOLL, it fails early and calls skb_pool_flush() for cleanup. This function calls cancel_work_syn... • https://git.kernel.org/stable/c/248f6571fd4c51531f7f8f07f186f7ae98a50afc •
CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2025-68761 – hfs: fix potential use after free in hfs_correct_next_unused_CNID()
https://notcve.org/view.php?id=CVE-2025-68761
05 Jan 2026 — In the Linux kernel, the following vulnerability has been resolved: hfs: fix potential use after free in hfs_correct_next_unused_CNID() This code calls hfs_bnode_put(node) which drops the refcount and then dreferences "node" on the next line. It's only safe to use "node" when we're holding a reference so flip these two lines around. • https://git.kernel.org/stable/c/a06ec283e125e334155fe13005c76c9f484ce759 •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2025-68760 – iommu/amd: Fix potential out-of-bounds read in iommu_mmio_show
https://notcve.org/view.php?id=CVE-2025-68760
05 Jan 2026 — In the Linux kernel, the following vulnerability has been resolved: iommu/amd: Fix potential out-of-bounds read in iommu_mmio_show In iommu_mmio_write(), it validates the user-provided offset with the check: `iommu->dbg_mmio_offset > iommu->mmio_phys_end - 4`. This assumes a 4-byte access. However, the corresponding show handler, iommu_mmio_show(), uses readq() to perform an 8-byte (64-bit) read. If a user provides an offset equal to `mmio_phys_end - 4`, the check passes, and will lead to a 4-byte out-of-bo... • https://git.kernel.org/stable/c/7a4ee419e8c144b747a8915856e91a034d7c8f34 •
CVSS: 6.6EPSS: 0%CPEs: 6EXPL: 0CVE-2025-68759 – wifi: rtl818x: Fix potential memory leaks in rtl8180_init_rx_ring()
https://notcve.org/view.php?id=CVE-2025-68759
05 Jan 2026 — In the Linux kernel, the following vulnerability has been resolved: wifi: rtl818x: Fix potential memory leaks in rtl8180_init_rx_ring() In rtl8180_init_rx_ring(), memory is allocated for skb packets and DMA allocations in a loop. When an allocation fails, the previously successful allocations are not freed on exit. Fix that by jumping to err_free_rings label on error, which calls rtl8180_free_rx_ring() to free the allocations. Remove the free of rx_ring in rtl8180_init_rx_ring() error path, and set the free... • https://git.kernel.org/stable/c/f653211197f3841f383fa9757ef8ce182c6cf627 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2025-68758 – backlight: led-bl: Add devlink to supplier LEDs
https://notcve.org/view.php?id=CVE-2025-68758
05 Jan 2026 — In the Linux kernel, the following vulnerability has been resolved: backlight: led-bl: Add devlink to supplier LEDs LED Backlight is a consumer of one or multiple LED class devices, but devlink is currently unable to create correct supplier-producer links when the supplier is a class device. It creates instead a link where the supplier is the parent of the expected device. One consequence is that removal order is not correctly enforced. Issues happen for example with the following sections in a device tree ... • https://git.kernel.org/stable/c/ae232e45acf9621f2c96b41ca3af006ac7552c33 •
CVSS: 5.6EPSS: 0%CPEs: 6EXPL: 0CVE-2025-68757 – drm/vgem-fence: Fix potential deadlock on release
https://notcve.org/view.php?id=CVE-2025-68757
05 Jan 2026 — In the Linux kernel, the following vulnerability has been resolved: drm/vgem-fence: Fix potential deadlock on release A timer that expires a vgem fence automatically in 10 seconds is now released with timer_delete_sync() from fence->ops.release() called on last dma_fence_put(). In some scenarios, it can run in IRQ context, which is not safe unless TIMER_IRQSAFE is used. One potentially risky scenario was demonstrated in Intel DRM CI trybot, BAT run on machine bat-adlp-6, while working on new IGT subtests sy... • https://git.kernel.org/stable/c/4077798484459a2eced2050045099a466ecb618a •