CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2025-68303 – platform/x86: intel: punit_ipc: fix memory corruption
https://notcve.org/view.php?id=CVE-2025-68303
16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: platform/x86: intel: punit_ipc: fix memory corruption This passes the address of the pointer "&punit_ipcdev" when the intent was to pass the pointer itself "punit_ipcdev" (without the ampersand). In the Linux kernel, the following vulnerability has been resolved: platform/x86: intel: punit_ipc: fix memory corruption This passes the address of the pointer "&punit_ipcdev" when the intent was to pass the pointer itself "punit_ipc... • https://git.kernel.org/stable/c/fdca4f16f57da76a8e68047923588a87d1c01f0a •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2025-68302 – net: sxgbe: fix potential NULL dereference in sxgbe_rx()
https://notcve.org/view.php?id=CVE-2025-68302
16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: net: sxgbe: fix potential NULL dereference in sxgbe_rx() Currently, when skb is null, the driver prints an error and then dereferences skb on the next line. In the Linux kernel, the following vulnerability has been resolved: net: sxgbe: fix potential NULL dereference in sxgbe_rx() Currently, when skb is null, the driver prints an error and then dereferences skb on the next line. ... • https://git.kernel.org/stable/c/1edb9ca69e8a7988900fc0283e10550b5592164d •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2025-68301 – net: atlantic: fix fragment overflow handling in RX path
https://notcve.org/view.php?id=CVE-2025-68301
16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: net: atlantic: fix fragment overflow handling in RX path The atlantic driver can receive packets with more than MAX_SKB_FRAGS (17) fragments when handling large multi-descriptor packets. In the Linux kernel, the following vulnerability has been resolved: net: atlantic: fix fragment overflow handling in RX path The atlantic driver can receive packets with more than MAX_SKB_FRAGS (17) fragments when handling large multi-descript... • https://git.kernel.org/stable/c/cd66ab20a8f84474564a68fffffd37d998f6c340 •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2025-68300 – fs/namespace: fix reference leak in grab_requested_mnt_ns
https://notcve.org/view.php?id=CVE-2025-68300
16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: fs/namespace: fix reference leak in grab_requested_mnt_ns lookup_mnt_ns() already takes a reference on mnt_ns. grab_requested_mnt_ns() doesn't need to take an extra reference. In the Linux kernel, the following vulnerability has been resolved: fs/namespace: fix reference leak in grab_requested_mnt_ns lookup_mnt_ns() already takes a reference on mnt_ns. grab_requested_mnt_ns() doesn't need to take an extra reference. • https://git.kernel.org/stable/c/ba306daa7fa8ae0be5d64c215e9d43a88b4bc8bf •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-68299 – afs: Fix delayed allocation of a cell's anonymous key
https://notcve.org/view.php?id=CVE-2025-68299
16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: afs: Fix delayed allocation of a cell's anonymous key The allocation of a cell's anonymous key is done in a background thread along with other cell setup such as doing a DNS upcall. In the Linux kernel, the following vulnerability has been resolved: afs: Fix delayed allocation of a cell's anonymous key The allocation of a cell's anonymous key is done in a background thread along with other cell setup such as doing a DNS upcall... • https://git.kernel.org/stable/c/7e33b15d5a6578a99ebf189cea34983270ae92dd •
CVSS: 6.2EPSS: 0%CPEs: 4EXPL: 0CVE-2025-68298 – Bluetooth: btusb: mediatek: Avoid btusb_mtk_claim_iso_intf() NULL deref
https://notcve.org/view.php?id=CVE-2025-68298
16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btusb: mediatek: Avoid btusb_mtk_claim_iso_intf() NULL deref In btusb_mtk_setup(), we set `btmtk_data->isopkt_intf` to: usb_ifnum_to_if(data->udev, MTK_ISO_IFNUM) That function can return NULL in some cases. In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btusb: mediatek: Avoid btusb_mtk_claim_iso_intf() NULL deref In btusb_mtk_setup(), we set `btmtk_data->isopkt_intf` to: usb_ifnum_to... • https://git.kernel.org/stable/c/930e1790b99e5839e1af69d2f7fd808f1fba2df9 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2025-68297 – ceph: fix crash in process_v2_sparse_read() for encrypted directories
https://notcve.org/view.php?id=CVE-2025-68297
16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: ceph: fix crash in process_v2_sparse_read() for encrypted directories The crash in process_v2_sparse_read() for fscrypt-encrypted directories has been reported. ... __pfx_kthread+0x10/0x10 [ 408.072402] ret_from_fork_asm+0x1a/0x30 [ 408.072406] [ 408.072407] ---[ end trace 0000000000000000 ]--- [ 408.072418] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000 ---truncated--- In the Linux... • https://git.kernel.org/stable/c/da9c33a70f095d5d55c36d0bfeba969e31de08ae •
CVSS: 6.3EPSS: 0%CPEs: 3EXPL: 0CVE-2025-68296 – drm, fbcon, vga_switcheroo: Avoid race condition in fbcon setup
https://notcve.org/view.php?id=CVE-2025-68296
16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: drm, fbcon, vga_switcheroo: Avoid race condition in fbcon setup Protect vga_switcheroo_client_fb_set() with console lock. ... In the Linux kernel, the following vulnerability has been resolved: drm, fbcon, vga_switcheroo: Avoid race condition in fbcon setup Protect vga_switcheroo_client_fb_set() with console lock. • https://git.kernel.org/stable/c/6a9ee8af344e3bd7dbd61e67037096cdf7f83289 •
CVSS: 5.5EPSS: 0%CPEs: 12EXPL: 0CVE-2025-68295 – smb: client: fix memory leak in cifs_construct_tcon()
https://notcve.org/view.php?id=CVE-2025-68295
16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: smb: client: fix memory leak in cifs_construct_tcon() When having a multiuser mount with domain= specified and using cifscreds, cifs_set_cifscreds() will end up setting @ctx->domainname, so it needs to be freed before leaving cifs_construct_tcon(). This fixes the following memory leak reported by kmemleak: mount.cifs //srv/share /mnt -o domain=ZELDA,multiuser,... su - testuser cifscreds add -d ZELDA -u testuser ... ls /mnt/1 ... • https://git.kernel.org/stable/c/f2aee329a68f5a907bcff11a109dfe17c0b41aeb •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2025-68294 – io_uring/net: ensure vectored buffer node import is tied to notification
https://notcve.org/view.php?id=CVE-2025-68294
16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: io_uring/net: ensure vectored buffer node import is tied to notification When support for vectored registered buffers was added, the import itself is using 'req' rather than the notification io_kiocb, sr->notif. In the Linux kernel, the following vulnerability has been resolved: io_uring/net: ensure vectored buffer node import is tied to notification When support for vectored registered buffers was added, the import itself is ... • https://git.kernel.org/stable/c/23371eac7d9a9bca5360cfb3eb3aa08648ee7246 •