
CVSS: 5.5 • EPSS: % • CPEs: 10 • EXPL: 0

18 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_cake: Fix incorrect qlen reduction in cake_drop. In cake_drop(), qdisc_tree_reduce_backlog() is used to update the qlen and backlog of the qdisc hierarchy. Its caller, cake_enqueue(), assumes that the parent qdisc will enqueue the current packet. However, this assumption breaks when cake_enqueue() returns NET_XMIT_CN: the parent qdisc stops enqueuing current packet, leaving the tree qlen/backlog accounting inconsistent. This m... • https://git.kernel.org/stable/c/ff57186b2cc39766672c4c0332323933e5faaa88

CVSS: 9.8 • EPSS: % • CPEs: 4 • EXPL: 0

18 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: imm: Fix use-after-free bug caused by unfinished delayed work. The delayed work item 'imm_tq' is initialized in imm_attach() and scheduled via imm_queuecommand() for processing SCSI commands. When the IMM parallel port SCSI host adapter is detached through imm_detach(), the imm_struct device instance is deallocated. However, the delayed work might still be pending or executing when imm_detach() is called, leading to use-after-free bugs... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

CVSS: 5.5 • EPSS: 0% • CPEs: 3 • EXPL: 0

16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: parisc: Avoid crash due to unaligned access in unwinder. Guenter Roeck reported this kernel crash on his emulated B160L machine: Starting network: udhcpc: started, v1.36.1 Backtrace: [<104320d4>] unwind_once+0x1c/0x5c [<10434a00>] walk_stackframe.isra.0+0x74/0xb8 [<10434a6c>] arch_stack_walk+0x28/0x38 [<104e5efc>] stack_trace_save+0x48/0x5c [<105d1bdc>] set_track_prepare+0x44/0x6c [<105d9c80>] ___slab_alloc+0xfc4/0x1024 [<105d9d38>] __slab_a... • https://git.kernel.org/stable/c/9ac1f44723f26881b9fe7e69c7bc25397b879155

CVSS: 6.1 • EPSS: 0% • CPEs: 6 • EXPL: 0

16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: page_pool: always add GFP_NOWARN for ATOMIC allocations. Driver authors often forget to add GFP_NOWARN for page allocation from the datapath. This is annoying to users as OOMs are a fact of life, and we pretty much expect network Rx to hit page allocation failures during OOM. Make page pool add GFP_NOWARN for ATOMIC allocations by default. • https://git.kernel.org/stable/c/0ec2cd5c58793d0c622797cd5fbe26634b357210

CVSS: 7.1 • EPSS: 0% • CPEs: 4 • EXPL: 0

16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: lan966x: Fix sleeping in atomic context. The following warning was seen when we try to connect using ssh to the device. BUG: sleeping function called from invalid context at kernel/locking/mutex.c:575 in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 104, name: dropbear preempt_count: 1, expected: 0 INFO: lockdep is turned off. CPU: 0 UID: 0 PID: 104 Comm: dropbear Tainted: G W 6.18.0-rc2-00399-g6f1ab1b109b9-dirty #530 NONE Tainted: [W]... • https://git.kernel.org/stable/c/12c2d0a5b8e2a1afc8c7738e19a0d1dd7f3d4007

CVSS: 6.6 • EPSS: 0% • CPEs: 2 • EXPL: 0

16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: clk: thead: th1520-ap: set all AXI clocks to CLK_IS_CRITICAL. The AXI crossbar of TH1520 has no proper timeout handling, which means gating AXI clocks can easily lead to bus timeout and thus system hang. Set all AXI clock gates to CLK_IS_CRITICAL. All these clock gates are ungated by default on system reset. In addition, convert all current CLK_IGNORE_UNUSED usage to CLK_IS_CRITICAL to prevent unwanted clock gating. • https://git.kernel.org/stable/c/bdec5e01fc2f3114d1fb1daeb1000911d783c4ae

CVSS: 7.2 • EPSS: 0% • CPEs: 3 • EXPL: 0

16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: io_uring/zctx: check chained notif contexts. Send zc only links ubuf_info for requests coming from the same context. There are some ambiguous syz reports, so let's check the assumption on notification completion. • https://git.kernel.org/stable/c/aaafd17d3f4be2c15539359a5b4bfa00237f687f

CVSS: 7.8 • EPSS: 0% • CPEs: 3 • EXPL: 0

16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to detect potential corrupted nid in free_nid_list. As reported, on-disk footer.ino and footer.nid is the same and out-of-range, let's add sanity check on f2fs_alloc_nid() to detect any potential corruption in free_nid_list. • https://git.kernel.org/stable/c/6b9525596a83cd5b7bbc2c7bd5f9ad9cf5ad60fa

CVSS: 7.2 • EPSS: 0% • CPEs: 3 • EXPL: 0

16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: x86/CPU/AMD: Add RDSEED fix for Zen5. There's an issue with RDSEED's 16-bit and 32-bit register output variants on Zen5 which return a random value of 0 "at a rate inconsistent with randomness while incorrectly signaling success (CF=1)". Search the web for AMD-SB-7055 for more detail. Add a fix glue which checks microcode revisions. [ bp: Add microcode revisions checking, rewrite. ] • https://git.kernel.org/stable/c/e980de2ff109dacb6d9d3a77f01b27c467115ecb

CVSS: 7.8 • EPSS: 0% • CPEs: 13 • EXPL: 0

16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: usbnet: Prevents free active kevent. The root causes of this issue are: 1. When probing the usbnet device, executing usbnet_link_change(dev, 0, 0); put the kevent work in global workqueue. However, the kevent has not yet been scheduled when the usbnet device is unregistered. Therefore, executing free_netdev() results in the "free active object (kevent)" error reported here. 2. Another factor is that when calling usbnet_disconnect()->unregiste... • https://git.kernel.org/stable/c/8b4588b8b00b299be16a35be67b331d8fdba03f3