CVSS: 7.2 | EPSS: 0% | CPEs: 3 | EXPL: 0
CVE-2025-68188 – tcp: use dst_dev_rcu() in tcp_fastopen_active_disable_ofo_check()
https://notcve.org/view.php?id=CVE-2025-68188
16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: tcp: use dst_dev_rcu() in tcp_fastopen_active_disable_ofo_check(). Use RCU to avoid a pair of atomic operations and a potential UAF on dst_dev()->flags.
https://git.kernel.org/stable/c/bc2b881a0896c111c1041d8bb1f92a3b3873ace5
CVSS: 6.9 | EPSS: 0% | CPEs: 8 | EXPL: 0
CVE-2025-68185 – nfs4_setup_readdir(): insufficient locking for ->d_parent->d_inode dereferencing
https://notcve.org/view.php?id=CVE-2025-68185
16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: nfs4_setup_readdir(): insufficient locking for ->d_parent->d_inode dereferencing. Theoretically it's an oopsable race, but I don't believe one can manage to hit it on real hardware; might become doable on a KVM, but it still won't be easy to attack. Anyway, it's easy to deal with - since xdr_encode_hyper() is just a call of put_unaligned_be64(), we can put that under ->d_lock and be done with that.
https://git.kernel.org/stable/c/6025f641a0e30afdc5aa62017397b1860ad9f677
CVSS: 7.1 | EPSS: 0% | CPEs: 4 | EXPL: 0
CVE-2025-68183 – ima: don't clear IMA_DIGSIG flag when setting or removing non-IMA xattr
https://notcve.org/view.php?id=CVE-2025-68183
16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: ima: don't clear IMA_DIGSIG flag when setting or removing non-IMA xattr. Currently when both IMA and EVM are in fix mode, the IMA signature will be reset to IMA hash if a program first stores IMA signature in security.ima and then writes/removes some other security xattr for the file. For example, on Fedora, after booting the kernel with "ima_appraise=fix evm=fix ima_policy=appraise_tcb" and installing rpm-plugin-ima, installing/reinstalling...
https://git.kernel.org/stable/c/d2993a7e98eb70c737c6f5365a190e79c72b8407
CVSS: 7.2 | EPSS: 0% | CPEs: 4 | EXPL: 0
CVE-2025-68178 – blk-cgroup: fix possible deadlock while configuring policy
https://notcve.org/view.php?id=CVE-2025-68178
16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: fix possible deadlock while configuring policy. The following deadlock can be triggered easily by lockdep:

    WARNING: possible circular locking dependency detected
    6.17.0-rc3-00124-ga12c2658ced0 #1665 Not tainted
    ------------------------------------------------------
    check/1334 is trying to acquire lock:
    ff1100011d9d0678 (&q->sysfs_lock){+.+.}-{4:4}, at: blk_unregister_queue+0x53/0x180
    but task is already holding lock:
    ff1100011d9d00e0...

https://git.kernel.org/stable/c/e1729523759cda2c0afb76b1c88e0d2f2ef5b7cb
CVSS: 5.5 | EPSS: 0% | CPEs: 8 | EXPL: 0
CVE-2025-68177 – cpufreq/longhaul: handle NULL policy in longhaul_exit
https://notcve.org/view.php?id=CVE-2025-68177
16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: cpufreq/longhaul: handle NULL policy in longhaul_exit. longhaul_exit() was calling cpufreq_cpu_get(0) without checking for a NULL policy pointer. On some systems, this could lead to a NULL dereference and a kernel warning or panic. This patch adds a check using unlikely() and returns early if the policy is NULL. Bugzilla: #219962
https://git.kernel.org/stable/c/b02352dd2e6cca98777714cc2a27553191df70db
CVSS: 5.5 | EPSS: 0% | CPEs: 7 | EXPL: 0
CVE-2025-68176 – PCI: cadence: Check for the existence of cdns_pcie::ops before using it
https://notcve.org/view.php?id=CVE-2025-68176
16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: PCI: cadence: Check for the existence of cdns_pcie::ops before using it. cdns_pcie::ops might not be populated by all the Cadence glue drivers. This is going to be true for the upcoming Sophgo platform which doesn't set the ops. Hence, add a check to prevent NULL pointer dereference. [mani: reworded subject and description]
https://git.kernel.org/stable/c/d5dbe92ac8a4ca6226093241f95f9cb1b0d2e0e1
CVSS: 5.5 | EPSS: 0% | CPEs: 2 | EXPL: 0
CVE-2025-68175 – media: nxp: imx8-isi: Fix streaming cleanup on release
https://notcve.org/view.php?id=CVE-2025-68175
16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: media: nxp: imx8-isi: Fix streaming cleanup on release. The current implementation unconditionally calls mxc_isi_video_cleanup_streaming() in mxc_isi_video_release(). This can lead to situations where any release call (like from a simple "v4l2-ctl -l") may release a currently streaming queue when called on such a device. This is reproducible on an i.MX8MP board by streaming from an ISI capture device using gstreamer: gst-launch-1.0 -v v4l2sr...
https://git.kernel.org/stable/c/029914306b93b37c6e7060793d2b6f76b935cfa6
CVSS: 7.1 | EPSS: 0% | CPEs: 2 | EXPL: 0
CVE-2025-68174 – amd/amdkfd: enhance kfd process check in switch partition
https://notcve.org/view.php?id=CVE-2025-68174
16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: amd/amdkfd: enhance kfd process check in switch partition. The current switch partition only checks if kfd_processes_table is empty. The kfd_processes_table entry is deleted in kfd_process_notifier_release, but kfd_process teardown is in kfd_process_wq_release. Consider two processes:

    Process A (workqueue) -> kfd_process_wq_release -> Access kfd_node member
    Process B switch partition -> amdgpu_xcp_pre_partition_switch -> amdgpu_amdkfd_device_fini_sw ...

https://git.kernel.org/stable/c/536d80f660ec12058e461f4db387ea42bee9250d
CVSS: 6.6 | EPSS: 0% | CPEs: 5 | EXPL: 0
CVE-2025-68173 – ftrace: Fix softlockup in ftrace_module_enable
https://notcve.org/view.php?id=CVE-2025-68173
16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: ftrace: Fix softlockup in ftrace_module_enable. A soft lockup was observed when loading the amdgpu module. If a module has a lot of traceable functions, multiple calls to kallsyms_lookup can spend too much time in an RCU critical section and with disabled preemption, causing a kernel panic. This is the same issue that was fixed in commit d0b24b4e91fc ("ftrace: Prevent RCU stall on PREEMPT_VOLUNTARY kernels") and commit 42ea22e754ba ("ftrace: Add cond_...
https://git.kernel.org/stable/c/a1dd0abd741a8111260676da729825d6c1461a71
CVSS: 5.5 | EPSS: 0% | CPEs: 8 | EXPL: 0
CVE-2025-68168 – jfs: fix uninitialized waitqueue in transaction manager
https://notcve.org/view.php?id=CVE-2025-68168
16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: jfs: fix uninitialized waitqueue in transaction manager. The transaction manager initialization in txInit() was not properly initializing the TxBlock[0].waitor waitqueue, causing a crash when txEnd(0) is called on read-only filesystems. When a filesystem is mounted read-only, txBegin() returns tid=0 to indicate no transaction. However, txEnd(0) still gets called and tries to access TxBlock[0].waitor via tid_to_tblock(0), but this waitqueue was n...
https://git.kernel.org/stable/c/d6af7fce2e162ac68e85d3a11eb6ac8c35b24b64
