
CVSS: 5.5 • EPSS: % • CPEs: 10 • EXPL: 0

18 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_cake: Fix incorrect qlen reduction in cake_drop. In cake_drop(), qdisc_tree_reduce_backlog() is used to update the qlen and backlog of the qdisc hierarchy. ... • https://git.kernel.org/stable/c/ff57186b2cc39766672c4c0332323933e5faaa88

CVSS: 9.8 • EPSS: % • CPEs: 4 • EXPL: 0

18 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: imm: Fix use-after-free bug caused by unfinished delayed work. The delayed work item 'imm_tq' is initialized in imm_attach() and scheduled via imm_queuecommand() for processing SCSI commands. • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

CVSS: 7.8 • EPSS: % • CPEs: 3 • EXPL: 0

18 Dec 2025 — The buggy address belongs to the object at ffff00000ec28c00 which belongs to the cache kmalloc-512 of size 512 The buggy address is located 200 bytes inside of freed 512-byte region The buggy address belongs to the physical page: page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4ec28 head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 flags: 0x3fffe0000000040(head|node=0|zone=0|lastcpupid=0x1ffff) page_type: f5(slab) raw: 03fffe0000000040 ffff000008801c80 dead00000000... • https://git.kernel.org/stable/c/00327d7f2c8c512c9b168daae02c8b989f79ec71

CVSS: 6.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

17 Dec 2025 — Missing cryptographic key commitment in the AWS SDK for Ruby may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to different plaintext when the encrypted data key is stored in an "instruction file" instead of S3's metadata record. To mitigate this issue, upgrade AWS SDK for Ruby to version 1.208.0 or later. • https://aws.amazon.com/security/security-bulletins/AWS-2025-032 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm

CVSS: 6.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

17 Dec 2025 — Missing cryptographic key commitment in the AWS SDK for PHP may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to different plaintext when the encrypted data key is stored in an "instruction file" instead of S3's metadata record. To mitigate this issue, upgrade AWS SDK for PHP to version 3.368.0 or later. • https://aws.amazon.com/security/security-bulletins/AWS-2025-032 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm

CVSS: 5.5 • EPSS: 0% • CPEs: 3 • EXPL: 0

16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: parisc: Avoid crash due to unaligned access in unwinder. Guenter Roeck reported this kernel crash on his emulated B160L machine: Starting network: udhcpc: started, v1.36.1 Backtrace: [<104320d4>] unwind_once+0x1c/0x5c [<10434a00>] walk_stackframe.isra.0+0x74/0xb8 [<10434a6c>] arch_stack_walk+0x28/0x38 [<104e5efc>] stack_trace_save+0x48/0x5c [<105d1bdc>] set_track_prepare+0x44/0x6c [<105d9c80>] ___slab_alloc+0xfc4/0x1024 [<105d9d38>] _... • https://git.kernel.org/stable/c/9ac1f44723f26881b9fe7e69c7bc25397b879155

CVSS: 6.1 • EPSS: 0% • CPEs: 6 • EXPL: 0

16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: page_pool: always add GFP_NOWARN for ATOMIC allocations. Driver authors often forget to add GFP_NOWARN for page allocation from the datapath. ... • https://git.kernel.org/stable/c/0ec2cd5c58793d0c622797cd5fbe26634b357210

CVSS: 7.1 • EPSS: 0% • CPEs: 4 • EXPL: 0

16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: lan966x: Fix sleeping in atomic context. The following warning was seen when we try to connect using ssh to the device. ... • https://git.kernel.org/stable/c/12c2d0a5b8e2a1afc8c7738e19a0d1dd7f3d4007

CVSS: 6.3 • EPSS: 0% • CPEs: 2 • EXPL: 0

16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: netconsole: Acquire su_mutex before navigating configs hierarchy. There is a race between operations that iterate over the userdata cg_children list and concurrent add/remove of userdata items through configfs. • https://git.kernel.org/stable/c/df03f830d099f0811281a222aefdd9d400fa0b72

CVSS: 6.6 • EPSS: 0% • CPEs: 2 • EXPL: 0

16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: clk: thead: th1520-ap: set all AXI clocks to CLK_IS_CRITICAL. The AXI crossbar of TH1520 has no proper timeout handling, which means gating AXI clocks can easily lead to bus timeout and thus system hang. • https://git.kernel.org/stable/c/bdec5e01fc2f3114d1fb1daeb1000911d783c4ae