CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 0CVE-2025-68313 – x86/CPU/AMD: Add RDSEED fix for Zen5
https://notcve.org/view.php?id=CVE-2025-68313
16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: x86/CPU/AMD: Add RDSEED fix for Zen5 There's an issue with RDSEED's 16-bit and 32-bit register output variants on Zen5 which return a random value of 0 "at a rate inconsistent with randomness while incorrectly signaling success (CF=1)". Search the web for AMD-SB-7055 for more detail. Add a fix glue which checks microcode revisions. [ bp: Add microcode revisions checking, rewrite. ] In the Linux kernel, the following vulnerability has been r... • https://git.kernel.org/stable/c/e980de2ff109dacb6d9d3a77f01b27c467115ecb •
CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 0CVE-2025-68312 – usbnet: Prevents free active kevent
https://notcve.org/view.php?id=CVE-2025-68312
16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: usbnet: Prevents free active kevent The root cause of this issue are: 1. When probing the usbnet device, executing usbnet_link_change(dev, 0, 0); put the kevent work in global workqueue. However, the kevent has not yet been scheduled when the usbnet device is unregistered. Therefore, executing free_netdev() results in the "free active object (kevent)" error reported here. 2. Another factor is that when calling usbnet_disconnect()->unregiste... • https://git.kernel.org/stable/c/8b4588b8b00b299be16a35be67b331d8fdba03f3 •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2025-68311 – tty: serial: ip22zilog: Use platform device for probing
https://notcve.org/view.php?id=CVE-2025-68311
16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: tty: serial: ip22zilog: Use platform device for probing After commit 84a9582fd203 ("serial: core: Start managing serial controllers to enable runtime PM") serial drivers need to provide a device in struct uart_port.dev otherwise an oops happens. To fix this issue for ip22zilog driver switch driver to a platform driver and setup the serial device in sgi-ip22 code. In the Linux kernel, the following vulnerability has been resolved: tty: seria... • https://git.kernel.org/stable/c/460e0dc9af2d7790d5194c6743d79f9b77b58836 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2025-68310 – s390/pci: Avoid deadlock between PCI error recovery and mlx5 crdump
https://notcve.org/view.php?id=CVE-2025-68310
16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: s390/pci: Avoid deadlock between PCI error recovery and mlx5 crdump Do not block PCI config accesses through pci_cfg_access_lock() when executing the s390 variant of PCI error recovery: Acquire just device_lock() instead of pci_dev_lock() as powerpc's EEH and generig PCI AER processing do. During error recovery testing a pair of tasks was reported to be hung: mlx5_core 0000:00:00.1: mlx5_health_try_recover:338:(pid 5553): health recovery fl... • https://git.kernel.org/stable/c/4cdf2f4e24ff0d345fc36ef6d6aec059333a261e •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2025-68309 – PCI/AER: Fix NULL pointer access by aer_info
https://notcve.org/view.php?id=CVE-2025-68309
16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: PCI/AER: Fix NULL pointer access by aer_info The kzalloc(GFP_KERNEL) may return NULL, so all accesses to aer_info->xxx will result in kernel panic. Fix it. In the Linux kernel, the following vulnerability has been resolved: PCI/AER: Fix NULL pointer access by aer_info The kzalloc(GFP_KERNEL) may return NULL, so all accesses to aer_info->xxx will result in kernel panic. Fix it. • https://git.kernel.org/stable/c/6618243bcc3f60825f761a41ed65fef9fe97eb25 •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2025-68308 – can: kvaser_usb: leaf: Fix potential infinite loop in command parsers
https://notcve.org/view.php?id=CVE-2025-68308
16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: can: kvaser_usb: leaf: Fix potential infinite loop in command parsers The `kvaser_usb_leaf_wait_cmd()` and `kvaser_usb_leaf_read_bulk_callback` functions contain logic to zero-length commands. These commands are used to align data to the USB endpoint's wMaxPacketSize boundary. The driver attempts to skip these placeholders by aligning the buffer position `pos` to the next packet boundary using `round_up()` function. However, if zero-length ... • https://git.kernel.org/stable/c/7259124eac7d1b76b41c7a9cb2511a30556deebe •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2025-68307 – can: gs_usb: gs_usb_xmit_callback(): fix handling of failed transmitted URBs
https://notcve.org/view.php?id=CVE-2025-68307
16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: can: gs_usb: gs_usb_xmit_callback(): fix handling of failed transmitted URBs The driver lacks the cleanup of failed transfers of URBs. This reduces the number of available URBs per error by 1. This leads to reduced performance and ultimately to a complete stop of the transmission. If the sending of a bulk URB fails do proper cleanup: - increase netdev stats - mark the echo_sbk as free - free the driver's context and do accounting - wake the... • https://git.kernel.org/stable/c/d08e973a77d128b25e01a08c34d89593fdf222da •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-68306 – Bluetooth: btusb: mediatek: Fix kernel crash when releasing mtk iso interface
https://notcve.org/view.php?id=CVE-2025-68306
16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btusb: mediatek: Fix kernel crash when releasing mtk iso interface When performing reset tests and encountering abnormal card drop issues that lead to a kernel crash, it is necessary to perform a null check before releasing resources to avoid attempting to release a null pointer. <4>[ 29.158070] Hardware name: Google Quigon sku196612/196613 board (DT) <4>[ 29.158076] Workqueue: hci0 hci_cmd_sync_work [bluetooth] <4>[ 29.158154] p... • https://git.kernel.org/stable/c/ceac1cb0259de682d78f5c784ef8e0b13022e9d9 •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2025-68305 – Bluetooth: hci_sock: Prevent race in socket write iter and sock bind
https://notcve.org/view.php?id=CVE-2025-68305
16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_sock: Prevent race in socket write iter and sock bind There is a potential race condition between sock bind and socket write iter. bind may free the same cmd via mgmt_pending before write iter sends the cmd, just as syzbot reported in UAF[1]. Here we use hci_dev_lock to synchronize the two, thereby avoiding the UAF mentioned in [1]. [1] syzbot reported: BUG: KASAN: slab-use-after-free in mgmt_pending_remove+0x3b/0x210 net/blu... • https://git.kernel.org/stable/c/bdd56875c6926d8009914f427df71797693e90d4 •
CVSS: 6.1EPSS: 0%CPEs: 5EXPL: 0CVE-2025-68304 – Bluetooth: hci_core: lookup hci_conn on RX path on protocol side
https://notcve.org/view.php?id=CVE-2025-68304
16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_core: lookup hci_conn on RX path on protocol side The hdev lock/lookup/unlock/use pattern in the packet RX path doesn't ensure hci_conn* is not concurrently modified/deleted. This locking appears to be leftover from before conn_hash started using RCU commit bf4c63252490b ("Bluetooth: convert conn hash to RCU") and not clear if it had purpose since then. Currently, there are code paths that delete hci_conn* from elsewhere than... • https://git.kernel.org/stable/c/5af1f84ed13a416297ab9ced7537f4d5ae7f329a •