CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2025-68307 – can: gs_usb: gs_usb_xmit_callback(): fix handling of failed transmitted URBs
https://notcve.org/view.php?id=CVE-2025-68307
16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: can: gs_usb: gs_usb_xmit_callback(): fix handling of failed transmitted URBs The driver lacks the cleanup of failed transfers of URBs. This reduces the number of available URBs per error by 1. This leads to reduced performance and ultimately to a complete stop of the transmission. If the sending of a bulk URB fails do proper cleanup: - increase netdev stats - mark the echo_sbk as free - free the driver's context and do accounting - wake the... • https://git.kernel.org/stable/c/d08e973a77d128b25e01a08c34d89593fdf222da •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2025-68302 – net: sxgbe: fix potential NULL dereference in sxgbe_rx()
https://notcve.org/view.php?id=CVE-2025-68302
16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: net: sxgbe: fix potential NULL dereference in sxgbe_rx() Currently, when skb is null, the driver prints an error and then dereferences skb on the next line. To fix this, let's add a 'break' after the error message to switch to sxgbe_rx_refill(), which is similar to the approach taken by the other drivers in this particular case, e.g. calxeda with xgmac_rx(). Found during a code review. In the Linux kernel, the following vulnerability has be... • https://git.kernel.org/stable/c/1edb9ca69e8a7988900fc0283e10550b5592164d •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2025-68297 – ceph: fix crash in process_v2_sparse_read() for encrypted directories
https://notcve.org/view.php?id=CVE-2025-68297
16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: ceph: fix crash in process_v2_sparse_read() for encrypted directories The crash in process_v2_sparse_read() for fscrypt-encrypted directories has been reported. Issue takes place for Ceph msgr2 protocol in secure mode. It can be reproduced by the steps: sudo mount -t ceph :/ /mnt/cephfs/ -o name=admin,fs=cephfs,ms_mode=secure (1) mkdir /mnt/cephfs/fscrypt-test-3 (2) cp area_decrypted.tar /mnt/cephfs/fscrypt-test-3 (3) fscrypt encrypt --sour... • https://git.kernel.org/stable/c/5a3f3e39b18705bc578fae58abacc8ef93c15194 •
CVSS: 6.3EPSS: 0%CPEs: 3EXPL: 0CVE-2025-68296 – drm, fbcon, vga_switcheroo: Avoid race condition in fbcon setup
https://notcve.org/view.php?id=CVE-2025-68296
16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: drm, fbcon, vga_switcheroo: Avoid race condition in fbcon setup Protect vga_switcheroo_client_fb_set() with console lock. Avoids OOB access in fbcon_remap_all(). Without holding the console lock the call races with switching outputs. VGA switcheroo calls fbcon_remap_all() when switching clients. The fbcon function uses struct fb_info.node, which is set by register_framebuffer(). As the fb-helper code currently sets up VGA switcheroo before ... • https://git.kernel.org/stable/c/6a9ee8af344e3bd7dbd61e67037096cdf7f83289 •
CVSS: 5.5EPSS: 0%CPEs: 12EXPL: 0CVE-2025-68295 – smb: client: fix memory leak in cifs_construct_tcon()
https://notcve.org/view.php?id=CVE-2025-68295
16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: smb: client: fix memory leak in cifs_construct_tcon() When having a multiuser mount with domain= specified and using cifscreds, cifs_set_cifscreds() will end up setting @ctx->domainname, so it needs to be freed before leaving cifs_construct_tcon(). This fixes the following memory leak reported by kmemleak: mount.cifs //srv/share /mnt -o domain=ZELDA,multiuser,... su - testuser cifscreds add -d ZELDA -u testuser ... ls /mnt/1 ... umount /mnt... • https://git.kernel.org/stable/c/f2aee329a68f5a907bcff11a109dfe17c0b41aeb •
CVSS: 5.6EPSS: 0%CPEs: 13EXPL: 0CVE-2025-68288 – usb: storage: Fix memory leak in USB bulk transport
https://notcve.org/view.php?id=CVE-2025-68288
16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: storage: Fix memory leak in USB bulk transport A kernel memory leak was identified by the 'ioctl_sg01' test from Linux Test Project (LTP). The following bytes were mainly observed: 0x53425355. When USB storage devices incorrectly skip the data phase with status data, the code extracts/validates the CSW from the sg buffer, but fails to clear it afterwards. This leaves status protocol data in srb's transfer buffer, such as the US_BULK_CS... • https://git.kernel.org/stable/c/a45b599ad808c3c982fdcdc12b0b8611c2f92824 •
CVSS: 7.0EPSS: 0%CPEs: 7EXPL: 0CVE-2025-68287 – usb: dwc3: Fix race condition between concurrent dwc3_remove_requests() call paths
https://notcve.org/view.php?id=CVE-2025-68287
16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: Fix race condition between concurrent dwc3_remove_requests() call paths This patch addresses a race condition caused by unsynchronized execution of multiple call paths invoking `dwc3_remove_requests()`, leading to premature freeing of USB requests and subsequent crashes. Three distinct execution paths interact with `dwc3_remove_requests()`: Path 1: Triggered via `dwc3_gadget_reset_interrupt()` during USB reset handling. The call ... • https://git.kernel.org/stable/c/72246da40f3719af3bfd104a2365b32537c27d83 •
CVSS: 6.3EPSS: 0%CPEs: 7EXPL: 0CVE-2025-68285 – libceph: fix potential use-after-free in have_mon_and_osd_map()
https://notcve.org/view.php?id=CVE-2025-68285
16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: libceph: fix potential use-after-free in have_mon_and_osd_map() The wait loop in __ceph_open_session() can race with the client receiving a new monmap or osdmap shortly after the initial map is received. Both ceph_monc_handle_map() and handle_one_map() install a new map immediately after freeing the old one kfree(monc->monmap); monc->monmap = monmap; ceph_osdmap_destroy(osdc->osdmap); osdc->osdmap = newmap; under client->monc.mutex and clie... • https://git.kernel.org/stable/c/bb4910c5fd436701faf367e1b5476a5a6d2aff1c •
CVSS: 6.6EPSS: 0%CPEs: 6EXPL: 0CVE-2025-68284 – libceph: prevent potential out-of-bounds writes in handle_auth_session_key()
https://notcve.org/view.php?id=CVE-2025-68284
16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: libceph: prevent potential out-of-bounds writes in handle_auth_session_key() The len field originates from untrusted network packets. Boundary checks have been added to prevent potential out-of-bounds writes when decrypting the connection secret or processing service tickets. [ idryomov: changelog ] In the Linux kernel, the following vulnerability has been resolved: libceph: prevent potential out-of-bounds writes in handle_auth_session_key(... • https://git.kernel.org/stable/c/f22c55a20a2d9ffbbac57408d5d488cef8201e9d •
CVSS: 7.2EPSS: 0%CPEs: 5EXPL: 0CVE-2025-68283 – libceph: replace BUG_ON with bounds check for map->max_osd
https://notcve.org/view.php?id=CVE-2025-68283
16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: libceph: replace BUG_ON with bounds check for map->max_osd OSD indexes come from untrusted network packets. Boundary checks are added to validate these against map->max_osd. [ idryomov: drop BUG_ON in ceph_get_primary_affinity(), minor cosmetic edits ] In the Linux kernel, the following vulnerability has been resolved: libceph: replace BUG_ON with bounds check for map->max_osd OSD indexes come from untrusted network packets. Boundary checks... • https://git.kernel.org/stable/c/57f5fbae9f1024aba17ff75e00433324115c548a •