CVSS: 5.5 | EPSS: 0% | CPEs: 3 | EXPL: 0
CVE-2025-68230 – drm/amdgpu: fix gpu page fault after hibernation on PF passthrough
https://notcve.org/view.php?id=CVE-2025-68230
16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix gpu page fault after hibernation on PF passthrough On PF passthrough environment, after hibernate and then resume, coralgemm will cause gpu page fault. Mode1 reset happens during hibernate, but partition mode is not restored on resume, register mmCP_HYP_XCP_CTL and mmCP_PSP_XCP_CTL is not right after resume. When CP access the MQD BO, wrong stride size is used, this will cause out of bound access on the MQD BO, resulting pag... • https://git.kernel.org/stable/c/a45d6359eefb41e08d374a3260b10bff5626823b •
CVSS: 7.1 | EPSS: 0% | CPEs: 7 | EXPL: 0
CVE-2025-68224 – scsi: core: Fix a regression triggered by scsi_host_busy()
https://notcve.org/view.php?id=CVE-2025-68224
16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: core: Fix a regression triggered by scsi_host_busy() Commit 995412e23bb2 ("blk-mq: Replace tags->lock with SRCU for tag iterators") introduced the following regression: Call trace: __srcu_read_lock+0x30/0x80 (P) blk_mq_tagset_busy_iter+0x44/0x300 scsi_host_busy+0x38/0x70 ufshcd_print_host_state+0x34/0x1bc ufshcd_link_startup.constprop.0+0xe4/0x2e0 ufshcd_init+0x944/0xf80 ufshcd_pltfrm_init+0x504/0x820 ufs_rockchip_probe+0x2c/0x88 plat... • https://git.kernel.org/stable/c/143257917b836bd5fc434063030fda199e249624 •
CVSS: 6.1 | EPSS: 0% | CPEs: 3 | EXPL: 0
CVE-2025-68223 – drm/radeon: delete radeon_fence_process in is_signaled, no deadlock
https://notcve.org/view.php?id=CVE-2025-68223
16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/radeon: delete radeon_fence_process in is_signaled, no deadlock Delete the attempt to progress the queue when checking if fence is signaled. This avoids deadlock. dma-fence_ops::signaled can be called with the fence lock in unknown state. For radeon, the fence lock is also the wait queue lock. This can cause a self deadlock when signaled() tries to make forward progress on the wait queue. But advancing the queue is unneeded because inco... • https://git.kernel.org/stable/c/73bc12d6a547f9571ce4393acfd73c004e2df9e5 •
CVSS: 5.5 | EPSS: 0% | CPEs: 3 | EXPL: 0
CVE-2025-68211 – ksm: use range-walk function to jump over holes in scan_get_next_rmap_item
https://notcve.org/view.php?id=CVE-2025-68211
16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: ksm: use range-walk function to jump over holes in scan_get_next_rmap_item Currently, scan_get_next_rmap_item() walks every page address in a VMA to locate mergeable pages. This becomes highly inefficient when scanning large virtual memory areas that contain mostly unmapped regions, causing ksmd to use large amount of cpu without deduplicating much pages. This patch replaces the per-address lookup with a range walk using walk_page_range(). ... • https://git.kernel.org/stable/c/31dbd01f314364b70c2e026a5793a29a4da8a9dc •
CVSS: 6.6 | EPSS: 0% | CPEs: 2 | EXPL: 0
CVE-2025-68203 – drm/amdgpu: fix lock warning in amdgpu_userq_fence_driver_process
https://notcve.org/view.php?id=CVE-2025-68203
16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix lock warning in amdgpu_userq_fence_driver_process Fix a potential deadlock caused by inconsistent spinlock usage between interrupt and process contexts in the userq fence driver. The issue occurs when amdgpu_userq_fence_driver_process() is called from both: - Interrupt context: gfx_v11_0_eop_irq() -> amdgpu_userq_fence_driver_process() - Process context: amdgpu_eviction_fence_suspend_worker() -> amdgpu_userq_fence_driver_for... • https://git.kernel.org/stable/c/1ad70a06d7e91c378b346a3718c81abb50a74b74 •
CVSS: 5.5 | EPSS: 0% | CPEs: 3 | EXPL: 0
CVE-2025-68201 – drm/amdgpu: remove two invalid BUG_ON()s
https://notcve.org/view.php?id=CVE-2025-68201
16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: remove two invalid BUG_ON()s Those can be triggered trivially by userspace. • https://git.kernel.org/stable/c/eaf12bffd7f79f4d46ec028706f9d1a2d90f46fd •
CVSS: 5.5 | EPSS: 0% | CPEs: 8 | EXPL: 0
CVE-2025-68194 – media: imon: make send_packet() more robust
https://notcve.org/view.php?id=CVE-2025-68194
16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: media: imon: make send_packet() more robust syzbot is reporting that imon has three problems which result in hung tasks due to forever holding device lock [1]. First problem is that when usb_rx_callback_intf0() once got -EPROTO error after ictx->dev_present_intf0 became true, usb_rx_callback_intf0() resubmits urb after printk(), and resubmitted urb causes usb_rx_callback_intf0() to again get -EPROTO error. This results in printk() flooding ... • https://git.kernel.org/stable/c/519737af11c03590819a6eec2ad532cfdb87ea63 •
CVSS: 7.2 | EPSS: 0% | CPEs: 2 | EXPL: 0
CVE-2025-68193 – drm/xe/guc: Add devm release action to safely tear down CT
https://notcve.org/view.php?id=CVE-2025-68193
16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/xe/guc: Add devm release action to safely tear down CT When a buffer object (BO) is allocated with the XE_BO_FLAG_GGTT_INVALIDATE flag, the driver initiates TLB invalidation requests via the CTB mechanism while releasing the BO. However a premature release of the CTB BO can lead to system crashes, as observed in: Oops: Oops: 0000 [#1] SMP NOPTI RIP: 0010:h2g_write+0x2f3/0x7c0 [xe] Call Trace: guc_ct_send_locked+0x8b/0x670 [xe] xe_guc_ct... • https://git.kernel.org/stable/c/52faa05fcd9f78af99abebe30a4b7b444744c991 •
CVSS: 5.5 | EPSS: 0% | CPEs: 7 | EXPL: 0
CVE-2025-68191 – udp_tunnel: use netdev_warn() instead of netdev_WARN()
https://notcve.org/view.php?id=CVE-2025-68191
16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: udp_tunnel: use netdev_warn() instead of netdev_WARN() netdev_WARN() uses WARN/WARN_ON to print a backtrace along with file and line information. In this case, udp_tunnel_nic_register() returning an error is just a failed operation, not a kernel bug. udp_tunnel_nic_register() can fail due to a memory allocation failure (kzalloc() or udp_tunnel_nic_alloc()). This is a normal runtime error and not a kernel bug. Replace netdev_WARN() with netd... • https://git.kernel.org/stable/c/087f1ed450dc6e7e49ffbbbe5b78be1218c6d5e0 •
CVSS: 5.5 | EPSS: 0% | CPEs: 3 | EXPL: 0
CVE-2025-68190 – drm/amdgpu/atom: Check kcalloc() for WS buffer in amdgpu_atom_execute_table_locked()
https://notcve.org/view.php?id=CVE-2025-68190
16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/atom: Check kcalloc() for WS buffer in amdgpu_atom_execute_table_locked() kcalloc() may fail. When WS is non-zero and allocation fails, ectx.ws remains NULL while ectx.ws_size is set, leading to a potential NULL pointer dereference in atom_get_src_int() when accessing WS entries. Return -ENOMEM on allocation failure to avoid the NULL dereference. • https://git.kernel.org/stable/c/35f3fb86bb0158a298d6834e7e110dcaf07f490c •
