CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0CVE-2025-68321 – page_pool: always add GFP_NOWARN for ATOMIC allocations
https://notcve.org/view.php?id=CVE-2025-68321
16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: page_pool: always add GFP_NOWARN for ATOMIC allocations Driver authors often forget to add GFP_NOWARN for page allocation from the datapath. This is annoying to users as OOMs are a fact of life, and we pretty much expect network Rx to hit page allocation failures during OOM. Make page pool add GFP_NOWARN for ATOMIC allocations by default. In the Linux kernel, the following vulnerability has been resolved: page_pool: always add GFP_NOWARN fo... • https://git.kernel.org/stable/c/ff7d6b27f894f1469dc51ccb828b7363ccd9799f •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2025-68315 – f2fs: fix to detect potential corrupted nid in free_nid_list
https://notcve.org/view.php?id=CVE-2025-68315
16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to detect potential corrupted nid in free_nid_list As reported, on-disk footer.ino and footer.nid is the same and out-of-range, let's add sanity check on f2fs_alloc_nid() to detect any potential corruption in free_nid_list. In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to detect potential corrupted nid in free_nid_list As reported, on-disk footer.ino and footer.nid is the same and out-of-range, let'... • https://git.kernel.org/stable/c/98e4da8ca301e062d79ae168c67e56f3c3de3ce4 •
CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 0CVE-2025-68312 – usbnet: Prevents free active kevent
https://notcve.org/view.php?id=CVE-2025-68312
16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: usbnet: Prevents free active kevent The root cause of this issue are: 1. When probing the usbnet device, executing usbnet_link_change(dev, 0, 0); put the kevent work in global workqueue. However, the kevent has not yet been scheduled when the usbnet device is unregistered. Therefore, executing free_netdev() results in the "free active object (kevent)" error reported here. 2. Another factor is that when calling usbnet_disconnect()->unregiste... • https://git.kernel.org/stable/c/8b4588b8b00b299be16a35be67b331d8fdba03f3 •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2025-68308 – can: kvaser_usb: leaf: Fix potential infinite loop in command parsers
https://notcve.org/view.php?id=CVE-2025-68308
16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: can: kvaser_usb: leaf: Fix potential infinite loop in command parsers The `kvaser_usb_leaf_wait_cmd()` and `kvaser_usb_leaf_read_bulk_callback` functions contain logic to zero-length commands. These commands are used to align data to the USB endpoint's wMaxPacketSize boundary. The driver attempts to skip these placeholders by aligning the buffer position `pos` to the next packet boundary using `round_up()` function. However, if zero-length ... • https://git.kernel.org/stable/c/7259124eac7d1b76b41c7a9cb2511a30556deebe •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2025-68307 – can: gs_usb: gs_usb_xmit_callback(): fix handling of failed transmitted URBs
https://notcve.org/view.php?id=CVE-2025-68307
16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: can: gs_usb: gs_usb_xmit_callback(): fix handling of failed transmitted URBs The driver lacks the cleanup of failed transfers of URBs. This reduces the number of available URBs per error by 1. This leads to reduced performance and ultimately to a complete stop of the transmission. If the sending of a bulk URB fails do proper cleanup: - increase netdev stats - mark the echo_sbk as free - free the driver's context and do accounting - wake the... • https://git.kernel.org/stable/c/d08e973a77d128b25e01a08c34d89593fdf222da •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2025-68303 – platform/x86: intel: punit_ipc: fix memory corruption
https://notcve.org/view.php?id=CVE-2025-68303
16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: platform/x86: intel: punit_ipc: fix memory corruption This passes the address of the pointer "&punit_ipcdev" when the intent was to pass the pointer itself "punit_ipcdev" (without the ampersand). This means that the: complete(&ipcdev->cmd_complete); in intel_punit_ioc() will write to a wrong memory address corrupting it. In the Linux kernel, the following vulnerability has been resolved: platform/x86: intel: punit_ipc: fix memory corruption... • https://git.kernel.org/stable/c/fdca4f16f57da76a8e68047923588a87d1c01f0a •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2025-68302 – net: sxgbe: fix potential NULL dereference in sxgbe_rx()
https://notcve.org/view.php?id=CVE-2025-68302
16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: net: sxgbe: fix potential NULL dereference in sxgbe_rx() Currently, when skb is null, the driver prints an error and then dereferences skb on the next line. To fix this, let's add a 'break' after the error message to switch to sxgbe_rx_refill(), which is similar to the approach taken by the other drivers in this particular case, e.g. calxeda with xgmac_rx(). Found during a code review. In the Linux kernel, the following vulnerability has be... • https://git.kernel.org/stable/c/1edb9ca69e8a7988900fc0283e10550b5592164d •
CVSS: 6.3EPSS: 0%CPEs: 3EXPL: 0CVE-2025-68296 – drm, fbcon, vga_switcheroo: Avoid race condition in fbcon setup
https://notcve.org/view.php?id=CVE-2025-68296
16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: drm, fbcon, vga_switcheroo: Avoid race condition in fbcon setup Protect vga_switcheroo_client_fb_set() with console lock. Avoids OOB access in fbcon_remap_all(). Without holding the console lock the call races with switching outputs. VGA switcheroo calls fbcon_remap_all() when switching clients. The fbcon function uses struct fb_info.node, which is set by register_framebuffer(). As the fb-helper code currently sets up VGA switcheroo before ... • https://git.kernel.org/stable/c/6a9ee8af344e3bd7dbd61e67037096cdf7f83289 •
CVSS: 5.5EPSS: 0%CPEs: 12EXPL: 0CVE-2025-68295 – smb: client: fix memory leak in cifs_construct_tcon()
https://notcve.org/view.php?id=CVE-2025-68295
16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: smb: client: fix memory leak in cifs_construct_tcon() When having a multiuser mount with domain= specified and using cifscreds, cifs_set_cifscreds() will end up setting @ctx->domainname, so it needs to be freed before leaving cifs_construct_tcon(). This fixes the following memory leak reported by kmemleak: mount.cifs //srv/share /mnt -o domain=ZELDA,multiuser,... su - testuser cifscreds add -d ZELDA -u testuser ... ls /mnt/1 ... umount /mnt... • https://git.kernel.org/stable/c/f2aee329a68f5a907bcff11a109dfe17c0b41aeb •
CVSS: 5.5EPSS: 0%CPEs: 14EXPL: 0CVE-2025-68289 – usb: gadget: f_eem: Fix memory leak in eem_unwrap
https://notcve.org/view.php?id=CVE-2025-68289
16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_eem: Fix memory leak in eem_unwrap The existing code did not handle the failure case of usb_ep_queue in the command path, potentially leading to memory leaks. Improve error handling to free all allocated resources on usb_ep_queue failure. This patch continues to use goto logic for error handling, as the existing error handling is complex and not easily adaptable to auto-cleanup helpers. kmemleak results: unreferenced object 0... • https://git.kernel.org/stable/c/3b545788505b2e2883aff13bdddeacaf88942a4f •