CVSS: 6.6EPSS: 0%CPEs: 3EXPL: 0CVE-2025-68202 – sched_ext: Fix unsafe locking in the scx_dump_state()
https://notcve.org/view.php?id=CVE-2025-68202
16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: sched_ext: Fix unsafe locking in the scx_dump_state() For built with CONFIG_PREEMPT_RT=y kernels, the dump_lock will be converted sleepable spinlock and not disable-irq, so the following scenarios occur: inconsistent {IN-HARDIRQ-W} -> {HARDIRQ-ON-W} usage. In the Linux kernel, the following vulnerability has been resolved: sched_ext: Fix unsafe locking in the scx_dump_state() For built with CONFIG_PREEMPT_RT=y kernels, the dum... • https://git.kernel.org/stable/c/07814a9439a3b03d79a1001614b5bc1cab69bcec •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-68201 – drm/amdgpu: remove two invalid BUG_ON()s
https://notcve.org/view.php?id=CVE-2025-68201
16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: remove two invalid BUG_ON()s Those can be triggered trivially by userspace. Several security issues were discovered in the Linux kernel. • https://git.kernel.org/stable/c/3d879e81f0f9ed5d33b5eda0fe5226c884bb8073 •
CVSS: 7.1EPSS: 0%CPEs: 6EXPL: 0CVE-2025-68200 – bpf: Add bpf_prog_run_data_pointers()
https://notcve.org/view.php?id=CVE-2025-68200
16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf: Add bpf_prog_run_data_pointers() syzbot found that cls_bpf_classify() is able to change tc_skb_cb(skb)->drop_reason triggering a warning in sk_skb_reason_drop(). ... In the Linux kernel, the following vulnerability has been resolved: bpf: Add bpf_prog_run_data_pointers() syzbot found that cls_bpf_classify() is able to change tc_skb_cb(skb)->drop_reason triggering a warning in sk_skb_reason_drop(). • https://git.kernel.org/stable/c/0d76daf2013ce1da20eab5e26bd81d983e1c18fb •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2025-68199 – codetag: debug: handle existing CODETAG_EMPTY in mark_objexts_empty for slabobj_ext
https://notcve.org/view.php?id=CVE-2025-68199
16 Dec 2025 — [21630.898611] Internal error: Oops - BUG: 00000000f2000800 [#1] SMP [21630.900372] Modules linked in: squashfs isofs vfio_iommu_type1 vhost_vsock vfio vhost_net vmw_vsock_virtio_transport_common vhost tap vhost_iotlb iommufd vsock binfmt_misc nfsv3 nfs_acl nfs lockd grace netfs tls rds dns_resolver tun brd overlay ntfs3 exfat btrfs blake2b_generic xor xor_neon raid6_pq loop sctp ip6_udp_tunnel udp_tunnel nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject... • https://git.kernel.org/stable/c/09c46563ff6d5f090211e48ff1fdba0ec7f4c97f •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2025-68198 – crash: fix crashkernel resource shrink
https://notcve.org/view.php?id=CVE-2025-68198
16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: crash: fix crashkernel resource shrink When crashkernel is configured with a high reservation, shrinking its value below the low crashkernel reservation causes two issues: 1. In the Linux kernel, the following vulnerability has been resolved: crash: fix crashkernel resource shrink When crashkernel is configured with a high reservation, shrinking its value below the low crashkernel reservation causes two issues: 1. ... • https://git.kernel.org/stable/c/16c6006af4d4e70ecef93977a5314409d931020b •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2025-68197 – bnxt_en: Fix null pointer dereference in bnxt_bs_trace_check_wrap()
https://notcve.org/view.php?id=CVE-2025-68197
16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Fix null pointer dereference in bnxt_bs_trace_check_wrap() With older FW, we may get the ASYNC_EVENT_CMPL_EVENT_ID_DBG_BUF_PRODUCER for FW trace data type that has not been initialized. In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Fix null pointer dereference in bnxt_bs_trace_check_wrap() With older FW, we may get the ASYNC_EVENT_CMPL_EVENT_ID_DBG_BUF_PRODUCER for FW trace data type tha... • https://git.kernel.org/stable/c/84fcd9449fd7882ddfb05ba64d75f9be2d29b2e9 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2025-68196 – drm/amd/display: Cache streams targeting link when performing LT automation
https://notcve.org/view.php?id=CVE-2025-68196
16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Cache streams targeting link when performing LT automation [WHY] Last LT automation update can cause crash by referencing current_state and calling into dc_update_planes_and_stream which may clobber current_state. In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Cache streams targeting link when performing LT automation [WHY] Last LT automation update can cause crash by refe... • https://git.kernel.org/stable/c/9c6669c2e21a2d9b3f3857883c715a302ae64ac0 •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2025-68195 – x86/CPU/AMD: Add missing terminator for zen5_rdseed_microcode
https://notcve.org/view.php?id=CVE-2025-68195
16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: x86/CPU/AMD: Add missing terminator for zen5_rdseed_microcode Running x86_match_min_microcode_rev() on a Zen5 CPU trips up KASAN for an out of bounds access. In the Linux kernel, the following vulnerability has been resolved: x86/CPU/AMD: Add missing terminator for zen5_rdseed_microcode Running x86_match_min_microcode_rev() on a Zen5 CPU trips up KASAN for an out of bounds access. • https://git.kernel.org/stable/c/e980de2ff109dacb6d9d3a77f01b27c467115ecb •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-68194 – media: imon: make send_packet() more robust
https://notcve.org/view.php?id=CVE-2025-68194
16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: media: imon: make send_packet() more robust syzbot is reporting that imon has three problems which result in hung tasks due to forever holding device lock [1]. In the Linux kernel, the following vulnerability has been resolved: media: imon: make send_packet() more robust syzbot is reporting that imon has three problems which result in hung tasks due to forever holding device lock [1]. ... • https://git.kernel.org/stable/c/21677cfc562a27e099719d413287bc8d1d24deb7 •
CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 0CVE-2025-68193 – drm/xe/guc: Add devm release action to safely tear down CT
https://notcve.org/view.php?id=CVE-2025-68193
16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/xe/guc: Add devm release action to safely tear down CT When a buffer object (BO) is allocated with the XE_BO_FLAG_GGTT_INVALIDATE flag, the driver initiates TLB invalidation requests via the CTB mechanism while releasing the BO. In the Linux kernel, the following vulnerability has been resolved: drm/xe/guc: Add devm release action to safely tear down CT When a buffer object (BO) is allocated with the XE_BO_FLAG_GGTT_INVALI... • https://git.kernel.org/stable/c/231c4110873a5db4975512c30aa10edcc5be56e2 •