CVSS: 7.8 • EPSS: 0% • CPEs: 3 • EXPL: 0
CVE-2025-68792 – tpm2-sessions: Fix out of range indexing in name_size
https://notcve.org/view.php?id=CVE-2025-68792
13 Jan 2026 — In the Linux kernel, the following vulnerability has been resolved: tpm2-sessions: Fix out of range indexing in name_size 'name_size' does not have any range checks, and it just directly indexes with TPM_ALG_ID, which could lead to memory corruption at worst. Address the issue by only processing known values and returning -EINVAL for unrecognized values. Make also 'tpm_buf_append_name' and 'tpm_buf_fill_hmac_session' fallible so that errors are detected before causing any spurious TPM traffic. End also th... • https://git.kernel.org/stable/c/1085b8276bb4239daa7008f0dcd5c973e4bd690f •
CVSS: 5.5 • EPSS: 0% • CPEs: 7 • EXPL: 0
CVE-2025-68788 – fsnotify: do not generate ACCESS/MODIFY events on child for special files
https://notcve.org/view.php?id=CVE-2025-68788
13 Jan 2026 — In the Linux kernel, the following vulnerability has been resolved: fsnotify: do not generate ACCESS/MODIFY events on child for special files inotify/fanotify do not allow users with no read access to a file to subscribe to events (e.g. IN_ACCESS/IN_MODIFY), but they do allow the same user to subscribe for watching events on children when the user has access to the parent directory (e.g. /dev). Users with no read access to a file but with read access to its parent directory can still stat the file and see i... • https://git.kernel.org/stable/c/72acc854427948efed7a83da27f7dc3239ac9afc •
CVSS: 5.5 • EPSS: 0% • CPEs: 7 • EXPL: 0
CVE-2025-68787 – netrom: Fix memory leak in nr_sendmsg()
https://notcve.org/view.php?id=CVE-2025-68787
13 Jan 2026 — In the Linux kernel, the following vulnerability has been resolved: netrom: Fix memory leak in nr_sendmsg() syzbot reported a memory leak [1]. When function sock_alloc_send_skb() returns NULL in nr_output(), the original skb is not freed, which was allocated in nr_sendmsg(). Fix this by freeing it before return. [1] BUG: memory leak unreferenced object 0xffff888129f35500 (size 240): comm "syz.0.17", pid 6119, jiffies 4294944652 hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ......... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 7.8 • EPSS: 0% • CPEs: 5 • EXPL: 0
CVE-2025-68786 – ksmbd: skip lock-range check on equal size to avoid size==0 underflow
https://notcve.org/view.php?id=CVE-2025-68786
13 Jan 2026 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: skip lock-range check on equal size to avoid size==0 underflow When size equals the current i_size (including 0), the code used to call check_lock_range(filp, i_size, size - 1, WRITE), which computes `size - 1` and can underflow for size==0. Skip the equal case. • https://git.kernel.org/stable/c/f44158485826c076335d6860d35872271a83791d •
CVSS: 5.5 • EPSS: 0% • CPEs: 7 • EXPL: 0
CVE-2025-68785 – net: openvswitch: fix middle attribute validation in push_nsh() action
https://notcve.org/view.php?id=CVE-2025-68785
13 Jan 2026 — In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: fix middle attribute validation in push_nsh() action The push_nsh() action structure looks like this: OVS_ACTION_ATTR_PUSH_NSH(OVS_KEY_ATTR_NSH(OVS_NSH_KEY_ATTR_BASE,...)) The outermost OVS_ACTION_ATTR_PUSH_NSH attribute is OK'ed by the nla_for_each_nested() inside __ovs_nla_copy_actions(). The innermost OVS_NSH_KEY_ATTR_BASE/MD1/MD2 are OK'ed by the nla_for_each_nested() inside nsh_key_put_from_nlattr(). But nothing check... • https://git.kernel.org/stable/c/b2d0f5d5dc53532e6f07bc546a476a55ebdfe0f3 •
CVSS: 7.1 • EPSS: 0% • CPEs: 3 • EXPL: 0
CVE-2025-68784 – xfs: fix a UAF problem in xattr repair
https://notcve.org/view.php?id=CVE-2025-68784
13 Jan 2026 — In the Linux kernel, the following vulnerability has been resolved: xfs: fix a UAF problem in xattr repair The xchk_setup_xattr_buf function can allocate a new value buffer, which means that any reference to ab->value before the call could become a dangling pointer. Fix this by moving an assignment to after the buffer setup. • https://git.kernel.org/stable/c/e47dcf113ae348678143cc935a1183059c02c9ad •
CVSS: 7.2 • EPSS: 0% • CPEs: 7 • EXPL: 0
CVE-2025-68783 – ALSA: usb-mixer: us16x08: validate meter packet indices
https://notcve.org/view.php?id=CVE-2025-68783
13 Jan 2026 — In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-mixer: us16x08: validate meter packet indices get_meter_levels_from_urb() parses the 64-byte meter packets sent by the device and fills the per-channel arrays meter_level[], comp_level[] and master_level[] in struct snd_us16x08_meter_store. Currently the function derives the channel index directly from the meter packet (MUB2(meter_urb, s) - 1) and uses it to index those arrays without validating the range. If the packet contains a... • https://git.kernel.org/stable/c/d2bb390a2081a36ffe906724d2848d846f2aeb29 •
CVSS: 5.5 • EPSS: 0% • CPEs: 7 • EXPL: 0
CVE-2025-68782 – scsi: target: Reset t_task_cdb pointer in error case
https://notcve.org/view.php?id=CVE-2025-68782
13 Jan 2026 — In the Linux kernel, the following vulnerability has been resolved: scsi: target: Reset t_task_cdb pointer in error case If allocation of cmd->t_task_cdb fails, it remains NULL but is later dereferenced in the 'err' path. In case of error, reset NULL t_task_cdb value to point at the default fixed-size buffer. Found by Linux Verification Center (linuxtesting.org) with SVACE. • https://git.kernel.org/stable/c/9e95fb805dc043cc8ed878a08d1583e4097a5f80 •
CVSS: 7.0 • EPSS: 0% • CPEs: 5 • EXPL: 0
CVE-2025-68781 – usb: phy: fsl-usb: Fix use-after-free in delayed work during device removal
https://notcve.org/view.php?id=CVE-2025-68781
13 Jan 2026 — In the Linux kernel, the following vulnerability has been resolved: usb: phy: fsl-usb: Fix use-after-free in delayed work during device removal The delayed work item otg_event is initialized in fsl_otg_conf() and scheduled under two conditions: 1. When a host controller binds to the OTG controller. 2. When the USB ID pin state changes (cable insertion/removal). A race condition occurs when the device is removed via fsl_otg_remove(): the fsl_otg instance may be freed while the delayed work is still pending o... • https://git.kernel.org/stable/c/0807c500a1a6d7fa20cbd7bbe7fea14a66112463 •
CVSS: 7.1 • EPSS: 0% • CPEs: 6 • EXPL: 0
CVE-2025-68780 – sched/deadline: only set free_cpus for online runqueues
https://notcve.org/view.php?id=CVE-2025-68780
13 Jan 2026 — In the Linux kernel, the following vulnerability has been resolved: sched/deadline: only set free_cpus for online runqueues Commit 16b269436b72 ("sched/deadline: Modify cpudl::free_cpus to reflect rd->online") introduced the cpudl_set/clear_freecpu functions to allow the cpu_dl::free_cpus mask to be manipulated by the deadline scheduler class rq_on/offline callbacks so the mask would also reflect this state. Commit 9659e1eeee28 ("sched/deadline: Remove cpu_active_mask from cpudl_find()") removed the check o... • https://git.kernel.org/stable/c/9659e1eeee28f7025b6545934d644d19e9c6e603 •
