CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2025-68339 – atm/fore200e: Fix possible data race in fore200e_open()
https://notcve.org/view.php?id=CVE-2025-68339
23 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: atm/fore200e: Fix possible data race in fore200e_open() Protect access to fore200e->available_cell_rate with rate_mtx lock in the error handling path of fore200e_open() to prevent a data race. The field fore200e->available_cell_rate is a shared resource used to track available bandwidth. It is concurrently accessed by fore200e_open(), fore200e_close(), and fore200e_change_qos(). In fore200e_open(), the lock rate_mtx is correctly held when s... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-68337 – jbd2: avoid bug_on in jbd2_journal_get_create_access() when file system corrupted
https://notcve.org/view.php?id=CVE-2025-68337
22 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: jbd2: avoid bug_on in jbd2_journal_get_create_access() when file system corrupted There's issue when file system corrupted: ------------[ cut here ]------------ kernel BUG at fs/jbd2/transaction.c:1289! Oops: invalid opcode: 0000 [#1] SMP KASAN PTI CPU: 5 UID: 0 PID: 2031 Comm: mkdir Not tainted 6.18.0-rc1-next RIP: 0010:jbd2_journal_get_create_access+0x3b6/0x4d0 RSP: 0018:ffff888117aafa30 EFLAGS: 00010202 RAX: 0000000000000000 RBX: ffff888... • https://git.kernel.org/stable/c/470decc613ab2048b619a01028072d932d9086ee •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2025-68335 – comedi: pcl818: fix null-ptr-deref in pcl818_ai_cancel()
https://notcve.org/view.php?id=CVE-2025-68335
22 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: comedi: pcl818: fix null-ptr-deref in pcl818_ai_cancel() Syzbot identified an issue [1] in pcl818_ai_cancel(), which stems from the fact that in case of early device detach via pcl818_detach(), subdevice dev->read_subdev may not have initialized its pointer to &struct comedi_async as intended. Thus, any such dereferencing of &s->async->cmd will lead to general protection fault and kernel crash. Mitigate this problem by removing a call to pc... • https://git.kernel.org/stable/c/00aba6e7b5653a6607238ecdab7172318059d984 •
CVSS: 6.6EPSS: 0%CPEs: 8EXPL: 0CVE-2025-68332 – comedi: c6xdigio: Fix invalid PNP driver unregistration
https://notcve.org/view.php?id=CVE-2025-68332
22 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: comedi: c6xdigio: Fix invalid PNP driver unregistration The Comedi low-level driver "c6xdigio" seems to be for a parallel port connected device. When the Comedi core calls the driver's Comedi "attach" handler `c6xdigio_attach()` to configure a Comedi to use this driver, it tries to enable the parallel port PNP resources by registering a PNP driver with `pnp_register_driver()`, but ignores the return value. (The `struct pnp_driver` it uses h... • https://git.kernel.org/stable/c/2c89e159cd2f386285e9522d6476dd7e801bee22 •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2025-68327 – usb: renesas_usbhs: Fix synchronous external abort on unbind
https://notcve.org/view.php?id=CVE-2025-68327
22 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: renesas_usbhs: Fix synchronous external abort on unbind A synchronous external abort occurs on the Renesas RZ/G3S SoC if unbind is executed after the configuration sequence described above: modprobe usb_f_ecm modprobe libcomposite modprobe configfs cd /sys/kernel/config/usb_gadget mkdir -p g1 cd g1 echo "0x1d6b" > idVendor echo "0x0104" > idProduct mkdir -p strings/0x409 echo "0123456789" > strings/0x409/serialnumber echo "Renesas." > ... • https://git.kernel.org/stable/c/f1407d5c66240b33d11a7f1a41d55ccf6a9d7647 •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2025-68324 – scsi: imm: Fix use-after-free bug caused by unfinished delayed work
https://notcve.org/view.php?id=CVE-2025-68324
18 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: imm: Fix use-after-free bug caused by unfinished delayed work The delayed work item 'imm_tq' is initialized in imm_attach() and scheduled via imm_queuecommand() for processing SCSI commands. When the IMM parallel port SCSI host adapter is detached through imm_detach(), the imm_struct device instance is deallocated. However, the delayed work might still be pending or executing when imm_detach() is called, leading to use-after-free bugs... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2025-68315 – f2fs: fix to detect potential corrupted nid in free_nid_list
https://notcve.org/view.php?id=CVE-2025-68315
16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to detect potential corrupted nid in free_nid_list As reported, on-disk footer.ino and footer.nid is the same and out-of-range, let's add sanity check on f2fs_alloc_nid() to detect any potential corruption in free_nid_list. In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to detect potential corrupted nid in free_nid_list As reported, on-disk footer.ino and footer.nid is the same and out-of-range, let'... • https://git.kernel.org/stable/c/98e4da8ca301e062d79ae168c67e56f3c3de3ce4 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2025-68307 – can: gs_usb: gs_usb_xmit_callback(): fix handling of failed transmitted URBs
https://notcve.org/view.php?id=CVE-2025-68307
16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: can: gs_usb: gs_usb_xmit_callback(): fix handling of failed transmitted URBs The driver lacks the cleanup of failed transfers of URBs. This reduces the number of available URBs per error by 1. This leads to reduced performance and ultimately to a complete stop of the transmission. If the sending of a bulk URB fails do proper cleanup: - increase netdev stats - mark the echo_sbk as free - free the driver's context and do accounting - wake the... • https://git.kernel.org/stable/c/d08e973a77d128b25e01a08c34d89593fdf222da •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2025-68302 – net: sxgbe: fix potential NULL dereference in sxgbe_rx()
https://notcve.org/view.php?id=CVE-2025-68302
16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: net: sxgbe: fix potential NULL dereference in sxgbe_rx() Currently, when skb is null, the driver prints an error and then dereferences skb on the next line. To fix this, let's add a 'break' after the error message to switch to sxgbe_rx_refill(), which is similar to the approach taken by the other drivers in this particular case, e.g. calxeda with xgmac_rx(). Found during a code review. In the Linux kernel, the following vulnerability has be... • https://git.kernel.org/stable/c/1edb9ca69e8a7988900fc0283e10550b5592164d •
CVSS: 6.3EPSS: 0%CPEs: 3EXPL: 0CVE-2025-68296 – drm, fbcon, vga_switcheroo: Avoid race condition in fbcon setup
https://notcve.org/view.php?id=CVE-2025-68296
16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: drm, fbcon, vga_switcheroo: Avoid race condition in fbcon setup Protect vga_switcheroo_client_fb_set() with console lock. Avoids OOB access in fbcon_remap_all(). Without holding the console lock the call races with switching outputs. VGA switcheroo calls fbcon_remap_all() when switching clients. The fbcon function uses struct fb_info.node, which is set by register_framebuffer(). As the fb-helper code currently sets up VGA switcheroo before ... • https://git.kernel.org/stable/c/6a9ee8af344e3bd7dbd61e67037096cdf7f83289 •