CVSS: 5.0EPSS: 0%CPEs: 7EXPL: 0CVE-2025-68796 – f2fs: fix to avoid updating zero-sized extent in extent cache
https://notcve.org/view.php?id=CVE-2025-68796
13 Jan 2026 — In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid updating zero-sized extent in extent cache As syzbot reported: F2FS-fs (loop0): __update_extent_tree_range: extent len is zero, type: 0, extent [0, 0, 0], age [0, 0] ------------[ cut here ]------------ kernel BUG at fs/f2fs/extent_cache.c:678! Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI CPU: 0 UID: 0 PID: 5336 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIO... • https://git.kernel.org/stable/c/6e9619499f53b22ead972e476c0e8341c997d929 •
CVSS: 7.2EPSS: 0%CPEs: 7EXPL: 0CVE-2025-68795 – ethtool: Avoid overflowing userspace buffer on stats query
https://notcve.org/view.php?id=CVE-2025-68795
13 Jan 2026 — In the Linux kernel, the following vulnerability has been resolved: ethtool: Avoid overflowing userspace buffer on stats query The ethtool -S command operates across three ioctl calls: ETHTOOL_GSSET_INFO for the size, ETHTOOL_GSTRINGS for the names, and ETHTOOL_GSTATS for the values. If the number of stats changes between these calls (e.g., due to device reconfiguration), userspace's buffer allocation will be incorrect, potentially leading to buffer overflow. Drivers are generally expected to maintain stabl... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2025-68794 – iomap: adjust read range correctly for non-block-aligned positions
https://notcve.org/view.php?id=CVE-2025-68794
13 Jan 2026 — In the Linux kernel, the following vulnerability has been resolved: iomap: adjust read range correctly for non-block-aligned positions iomap_adjust_read_range() assumes that the position and length passed in are block-aligned. This is not always the case however, as shown in the syzbot generated case for erofs. This causes too many bytes to be skipped for uptodate blocks, which results in returning the incorrect position and length to read in. If all the blocks are uptodate, this underflows length and retur... • https://git.kernel.org/stable/c/9dc55f1389f9569acf9659e58dd836a9c70df217 •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2025-68788 – fsnotify: do not generate ACCESS/MODIFY events on child for special files
https://notcve.org/view.php?id=CVE-2025-68788
13 Jan 2026 — In the Linux kernel, the following vulnerability has been resolved: fsnotify: do not generate ACCESS/MODIFY events on child for special files inotify/fanotify do not allow users with no read access to a file to subscribe to events (e.g. IN_ACCESS/IN_MODIFY), but they do allow the same user to subscribe for watching events on children when the user has access to the parent directory (e.g. /dev). Users with no read access to a file but with read access to its parent directory can still stat the file and see i... • https://git.kernel.org/stable/c/72acc854427948efed7a83da27f7dc3239ac9afc •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2025-68787 – netrom: Fix memory leak in nr_sendmsg()
https://notcve.org/view.php?id=CVE-2025-68787
13 Jan 2026 — In the Linux kernel, the following vulnerability has been resolved: netrom: Fix memory leak in nr_sendmsg() syzbot reported a memory leak [1]. When function sock_alloc_send_skb() return NULL in nr_output(), the original skb is not freed, which was allocated in nr_sendmsg(). Fix this by freeing it before return. [1] BUG: memory leak unreferenced object 0xffff888129f35500 (size 240): comm "syz.0.17", pid 6119, jiffies 4294944652 hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ......... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2025-68786 – ksmbd: skip lock-range check on equal size to avoid size==0 underflow
https://notcve.org/view.php?id=CVE-2025-68786
13 Jan 2026 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: skip lock-range check on equal size to avoid size==0 underflow When size equals the current i_size (including 0), the code used to call check_lock_range(filp, i_size, size - 1, WRITE), which computes `size - 1` and can underflow for size==0. Skip the equal case. In the Linux kernel, the following vulnerability has been resolved: ksmbd: skip lock-range check on equal size to avoid size==0 underflow When size equals the current i_size ... • https://git.kernel.org/stable/c/f44158485826c076335d6860d35872271a83791d •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2025-68785 – net: openvswitch: fix middle attribute validation in push_nsh() action
https://notcve.org/view.php?id=CVE-2025-68785
13 Jan 2026 — In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: fix middle attribute validation in push_nsh() action The push_nsh() action structure looks like this: OVS_ACTION_ATTR_PUSH_NSH(OVS_KEY_ATTR_NSH(OVS_NSH_KEY_ATTR_BASE,...)) The outermost OVS_ACTION_ATTR_PUSH_NSH attribute is OK'ed by the nla_for_each_nested() inside __ovs_nla_copy_actions(). The innermost OVS_NSH_KEY_ATTR_BASE/MD1/MD2 are OK'ed by the nla_for_each_nested() inside nsh_key_put_from_nlattr(). But nothing check... • https://git.kernel.org/stable/c/b2d0f5d5dc53532e6f07bc546a476a55ebdfe0f3 •
CVSS: 7.2EPSS: 0%CPEs: 7EXPL: 0CVE-2025-68783 – ALSA: usb-mixer: us16x08: validate meter packet indices
https://notcve.org/view.php?id=CVE-2025-68783
13 Jan 2026 — In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-mixer: us16x08: validate meter packet indices get_meter_levels_from_urb() parses the 64-byte meter packets sent by the device and fills the per-channel arrays meter_level[], comp_level[] and master_level[] in struct snd_us16x08_meter_store. Currently the function derives the channel index directly from the meter packet (MUB2(meter_urb, s) - 1) and uses it to index those arrays without validating the range. If the packet contains a... • https://git.kernel.org/stable/c/d2bb390a2081a36ffe906724d2848d846f2aeb29 •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2025-68782 – scsi: target: Reset t_task_cdb pointer in error case
https://notcve.org/view.php?id=CVE-2025-68782
13 Jan 2026 — In the Linux kernel, the following vulnerability has been resolved: scsi: target: Reset t_task_cdb pointer in error case If allocation of cmd->t_task_cdb fails, it remains NULL but is later dereferenced in the 'err' path. In case of error, reset NULL t_task_cdb value to point at the default fixed-size buffer. Found by Linux Verification Center (linuxtesting.org) with SVACE. In the Linux kernel, the following vulnerability has been resolved: scsi: target: Reset t_task_cdb pointer in error case If allocation ... • https://git.kernel.org/stable/c/9e95fb805dc043cc8ed878a08d1583e4097a5f80 •
CVSS: 7.0EPSS: 0%CPEs: 5EXPL: 0CVE-2025-68781 – usb: phy: fsl-usb: Fix use-after-free in delayed work during device removal
https://notcve.org/view.php?id=CVE-2025-68781
13 Jan 2026 — In the Linux kernel, the following vulnerability has been resolved: usb: phy: fsl-usb: Fix use-after-free in delayed work during device removal The delayed work item otg_event is initialized in fsl_otg_conf() and scheduled under two conditions: 1. When a host controller binds to the OTG controller. 2. When the USB ID pin state changes (cable insertion/removal). A race condition occurs when the device is removed via fsl_otg_remove(): the fsl_otg instance may be freed while the delayed work is still pending o... • https://git.kernel.org/stable/c/0807c500a1a6d7fa20cbd7bbe7fea14a66112463 •