CVSS: 6.8EPSS: 0%CPEs: 4EXPL: 0CVE-2025-68775 – net/handshake: duplicate handshake cancellations leak socket
https://notcve.org/view.php?id=CVE-2025-68775
13 Jan 2026 — In the Linux kernel, the following vulnerability has been resolved: net/handshake: duplicate handshake cancellations leak socket When a handshake request is cancelled it is removed from the handshake_net->hn_requests list, but it is still present in the handshake_rhashtbl until it is destroyed. If a second cancellation request arrives for the same handshake request, then remove_pending() will return false... and assuming HANDSHAKE_F_REQ_COMPLETED isn't set in req->hr_flags, we'll continue processing through... • https://git.kernel.org/stable/c/3b3009ea8abb713b022d94fba95ec270cf6e7eae •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2025-68774 – hfsplus: fix missing hfs_bnode_get() in __hfs_bnode_create
https://notcve.org/view.php?id=CVE-2025-68774
13 Jan 2026 — In the Linux kernel, the following vulnerability has been resolved: hfsplus: fix missing hfs_bnode_get() in __hfs_bnode_create When sync() and link() are called concurrently, both threads may enter hfs_bnode_find() without finding the node in the hash table and proceed to create it. Thread A: hfsplus_write_inode() -> hfsplus_write_system_inode() -> hfs_btree_write() -> hfs_bnode_find(tree, 0) -> __hfs_bnode_create(tree, 0) Thread B: hfsplus_create_cat() -> hfs_brec_insert() -> hfs_bnode_split() -> hfs_bmap_... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: -EPSS: 0%CPEs: 12EXPL: 0CVE-2025-68773 – spi: fsl-cpm: Check length parity before switching to 16 bit mode
https://notcve.org/view.php?id=CVE-2025-68773
13 Jan 2026 — In the Linux kernel, the following vulnerability has been resolved: spi: fsl-cpm: Check length parity before switching to 16 bit mode Commit fc96ec826bce ("spi: fsl-cpm: Use 16 bit mode for large transfers with even size") failed to make sure that the size is really even before switching to 16 bit mode. Until recently the problem went unnoticed because kernfs uses a pre-allocated bounce buffer of size PAGE_SIZE for reading EEPROM. But commit 8ad6249c51d0 ("eeprom: at25: convert to spi-mem API") introduced a... • https://git.kernel.org/stable/c/60afe299bb541a928ba39bcb4ae8d3e428d1c5a5 •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2025-68772 – f2fs: fix to avoid updating compression context during writeback
https://notcve.org/view.php?id=CVE-2025-68772
13 Jan 2026 — In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid updating compression context during writeback Bai, Shuangpeng
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2025-68771 – ocfs2: fix kernel BUG in ocfs2_find_victim_chain
https://notcve.org/view.php?id=CVE-2025-68771
13 Jan 2026 — In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix kernel BUG in ocfs2_find_victim_chain syzbot reported a kernel BUG in ocfs2_find_victim_chain() because the `cl_next_free_rec` field of the allocation chain list (next free slot in the chain list) is 0, triggring the BUG_ON(!cl->cl_next_free_rec) condition in ocfs2_find_victim_chain() and panicking the kernel. To fix this, an if condition is introduced in ocfs2_claim_suballoc_bits(), just before calling ocfs2_find_victim_chain(),... • https://git.kernel.org/stable/c/ccd979bdbce9fba8412beb3f1de68a9d0171b12c •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2025-68769 – f2fs: fix return value of f2fs_recover_fsync_data()
https://notcve.org/view.php?id=CVE-2025-68769
13 Jan 2026 — In the Linux kernel, the following vulnerability has been resolved: f2fs: fix return value of f2fs_recover_fsync_data() With below scripts, it will trigger panic in f2fs: mkfs.f2fs -f /dev/vdd mount /dev/vdd /mnt/f2fs touch /mnt/f2fs/foo sync echo 111 >> /mnt/f2fs/foo f2fs_io fsync /mnt/f2fs/foo f2fs_io shutdown 2 /mnt/f2fs umount /mnt/f2fs mount -o ro,norecovery /dev/vdd /mnt/f2fs or mount -o ro,disable_roll_forward /dev/vdd /mnt/f2fs F2FS-fs (vdd): f2fs_recover_fsync_data: recovery fsync data, check_only:... • https://git.kernel.org/stable/c/6781eabba1bdb133eb9125c4acf6704ccbe4df02 •
CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2025-68768 – inet: frags: flush pending skbs in fqdir_pre_exit()
https://notcve.org/view.php?id=CVE-2025-68768
13 Jan 2026 — In the Linux kernel, the following vulnerability has been resolved: inet: frags: flush pending skbs in fqdir_pre_exit() We have been seeing occasional deadlocks on pernet_ops_rwsem since September in NIPA. The stuck task was usually modprobe (often loading a driver like ipvlan), trying to take the lock as a Writer. lockdep does not track readers for rwsems so the read wasn't obvious from the reports. On closer inspection the Reader holding the lock was conntrack looping forever in nf_conntrack_cleanup_net_l... • https://git.kernel.org/stable/c/d5dd88794a13c2f24cce31abad7a0a6c5e0ed2db •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2025-68767 – hfsplus: Verify inode mode when loading from disk
https://notcve.org/view.php?id=CVE-2025-68767
13 Jan 2026 — In the Linux kernel, the following vulnerability has been resolved: hfsplus: Verify inode mode when loading from disk syzbot is reporting that S_IFMT bits of inode->i_mode can become bogus when the S_IFMT bits of the 16bits "mode" field loaded from disk are corrupted. According to [1], the permissions field was treated as reserved in Mac OS 8 and 9. According to [2], the reserved field was explicitly initialized with 0, and that field must remain 0 as long as reserved. Therefore, when the "mode" field is no... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 7.2EPSS: 0%CPEs: 6EXPL: 0CVE-2025-68766 – irqchip/mchp-eic: Fix error code in mchp_eic_domain_alloc()
https://notcve.org/view.php?id=CVE-2025-68766
05 Jan 2026 — In the Linux kernel, the following vulnerability has been resolved: irqchip/mchp-eic: Fix error code in mchp_eic_domain_alloc() If irq_domain_translate_twocell() sets "hwirq" to >= MCHP_EIC_NIRQ (2) then it results in an out of bounds access. The code checks for invalid values, but doesn't set the error code. Return -EINVAL in that case, instead of returning success. In the Linux kernel, the following vulnerability has been resolved: irqchip/mchp-eic: Fix error code in mchp_eic_domain_alloc() If irq_domain_... • https://git.kernel.org/stable/c/00fa3461c86dd289b441d4d5a6bb236064bd207b •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2025-68765 – mt76: mt7615: Fix memory leak in mt7615_mcu_wtbl_sta_add()
https://notcve.org/view.php?id=CVE-2025-68765
05 Jan 2026 — In the Linux kernel, the following vulnerability has been resolved: mt76: mt7615: Fix memory leak in mt7615_mcu_wtbl_sta_add() In mt7615_mcu_wtbl_sta_add(), an skb sskb is allocated. If the subsequent call to mt76_connac_mcu_alloc_wtbl_req() fails, the function returns an error without freeing sskb, leading to a memory leak. Fix this by calling dev_kfree_skb() on sskb in the error handling path to ensure it is properly released. In the Linux kernel, the following vulnerability has been resolved: mt76: mt761... • https://git.kernel.org/stable/c/99c457d902cf90bdc0df5d57e6156ec108711068 •