CVSS: 7.2 | EPSS: 0% | CPEs: 2 | EXPL: 0
CVE-2025-68193 – drm/xe/guc: Add devm release action to safely tear down CT
https://notcve.org/view.php?id=CVE-2025-68193
16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved:
drm/xe/guc: Add devm release action to safely tear down CT
When a buffer object (BO) is allocated with the XE_BO_FLAG_GGTT_INVALIDATE flag, the driver initiates TLB invalidation requests via the CTB mechanism while releasing the BO. However a premature release of the CTB BO can lead to system crashes, as observed in:
Oops: Oops: 0000 [#1] SMP NOPTI
RIP: 0010:h2g_write+0x2f3/0x7c0 [xe]
Call Trace:
guc_ct_send_locked+0x8b/0x670 [xe]
xe_guc_ct...
https://git.kernel.org/stable/c/52faa05fcd9f78af99abebe30a4b7b444744c991

CVSS: 5.5 | EPSS: 0% | CPEs: 7 | EXPL: 0
CVE-2025-68191 – udp_tunnel: use netdev_warn() instead of netdev_WARN()
https://notcve.org/view.php?id=CVE-2025-68191
16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved:
udp_tunnel: use netdev_warn() instead of netdev_WARN()
netdev_WARN() uses WARN/WARN_ON to print a backtrace along with file and line information. In this case, udp_tunnel_nic_register() returning an error is just a failed operation, not a kernel bug. udp_tunnel_nic_register() can fail due to a memory allocation failure (kzalloc() or udp_tunnel_nic_alloc()). This is a normal runtime error and not a kernel bug. Replace netdev_WARN() with netd...
https://git.kernel.org/stable/c/087f1ed450dc6e7e49ffbbbe5b78be1218c6d5e0

CVSS: 5.5 | EPSS: 0% | CPEs: 3 | EXPL: 0
CVE-2025-68190 – drm/amdgpu/atom: Check kcalloc() for WS buffer in amdgpu_atom_execute_table_locked()
https://notcve.org/view.php?id=CVE-2025-68190
16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu/atom: Check kcalloc() for WS buffer in amdgpu_atom_execute_table_locked()
kcalloc() may fail. When WS is non-zero and allocation fails, ectx.ws remains NULL while ectx.ws_size is set, leading to a potential NULL pointer dereference in atom_get_src_int() when accessing WS entries. Return -ENOMEM on allocation failure to avoid the NULL dereference.
https://git.kernel.org/stable/c/35f3fb86bb0158a298d6834e7e110dcaf07f490c

CVSS: 7.2 | EPSS: 0% | CPEs: 3 | EXPL: 0
CVE-2025-68188 – tcp: use dst_dev_rcu() in tcp_fastopen_active_disable_ofo_check()
https://notcve.org/view.php?id=CVE-2025-68188
16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved:
tcp: use dst_dev_rcu() in tcp_fastopen_active_disable_ofo_check()
Use RCU to avoid a pair of atomic operations and a potential UAF on dst_dev()->flags.
https://git.kernel.org/stable/c/bc2b881a0896c111c1041d8bb1f92a3b3873ace5

CVSS: 6.9 | EPSS: 0% | CPEs: 8 | EXPL: 0
CVE-2025-68185 – nfs4_setup_readdir(): insufficient locking for ->d_parent->d_inode dereferencing
https://notcve.org/view.php?id=CVE-2025-68185
16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved:
nfs4_setup_readdir(): insufficient locking for ->d_parent->d_inode dereferencing
Theoretically it's an oopsable race, but I don't believe one can manage to hit it on real hardware; might become doable on a KVM, but it still won't be easy to attack. Anyway, it's easy to deal with - since xdr_encode_hyper() is just a call of put_unaligned_be64(), we can put that under ->d_lock and be done with that.
https://git.kernel.org/stable/c/6025f641a0e30afdc5aa62017397b1860ad9f677

CVSS: 7.1 | EPSS: 0% | CPEs: 4 | EXPL: 0
CVE-2025-68183 – ima: don't clear IMA_DIGSIG flag when setting or removing non-IMA xattr
https://notcve.org/view.php?id=CVE-2025-68183
16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved:
ima: don't clear IMA_DIGSIG flag when setting or removing non-IMA xattr
Currently when both IMA and EVM are in fix mode, the IMA signature will be reset to IMA hash if a program first stores IMA signature in security.ima and then writes/removes some other security xattr for the file. For example, on Fedora, after booting the kernel with "ima_appraise=fix evm=fix ima_policy=appraise_tcb" and installing rpm-plugin-ima, installing/reinstalling...
https://git.kernel.org/stable/c/d2993a7e98eb70c737c6f5365a190e79c72b8407

CVSS: 7.2 | EPSS: 0% | CPEs: 4 | EXPL: 0
CVE-2025-68178 – blk-cgroup: fix possible deadlock while configuring policy
https://notcve.org/view.php?id=CVE-2025-68178
16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved:
blk-cgroup: fix possible deadlock while configuring policy
Following deadlock can be triggered easily by lockdep:
WARNING: possible circular locking dependency detected
6.17.0-rc3-00124-ga12c2658ced0 #1665 Not tainted
------------------------------------------------------
check/1334 is trying to acquire lock:
ff1100011d9d0678 (&q->sysfs_lock){+.+.}-{4:4}, at: blk_unregister_queue+0x53/0x180
but task is already holding lock:
ff1100011d9d00e0...
https://git.kernel.org/stable/c/e1729523759cda2c0afb76b1c88e0d2f2ef5b7cb

CVSS: 5.5 | EPSS: 0% | CPEs: 8 | EXPL: 0
CVE-2025-68177 – cpufreq/longhaul: handle NULL policy in longhaul_exit
https://notcve.org/view.php?id=CVE-2025-68177
16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved:
cpufreq/longhaul: handle NULL policy in longhaul_exit
longhaul_exit() was calling cpufreq_cpu_get(0) without checking for a NULL policy pointer. On some systems, this could lead to a NULL dereference and a kernel warning or panic. This patch adds a check using unlikely() and returns early if the policy is NULL.
Bugzilla: #219962
https://git.kernel.org/stable/c/b02352dd2e6cca98777714cc2a27553191df70db

CVSS: 5.5 | EPSS: 0% | CPEs: 7 | EXPL: 0
CVE-2025-68176 – PCI: cadence: Check for the existence of cdns_pcie::ops before using it
https://notcve.org/view.php?id=CVE-2025-68176
16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved:
PCI: cadence: Check for the existence of cdns_pcie::ops before using it
cdns_pcie::ops might not be populated by all the Cadence glue drivers. This is going to be true for the upcoming Sophgo platform which doesn't set the ops. Hence, add a check to prevent NULL pointer dereference.
[mani: reworded subject and description]
https://git.kernel.org/stable/c/d5dbe92ac8a4ca6226093241f95f9cb1b0d2e0e1

CVSS: 5.5 | EPSS: 0% | CPEs: 2 | EXPL: 0
CVE-2025-68175 – media: nxp: imx8-isi: Fix streaming cleanup on release
https://notcve.org/view.php?id=CVE-2025-68175
16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved:
media: nxp: imx8-isi: Fix streaming cleanup on release
The current implementation unconditionally calls mxc_isi_video_cleanup_streaming() in mxc_isi_video_release(). This can lead to situations where any release call (like from a simple "v4l2-ctl -l") may release a currently streaming queue when called on such a device. This is reproducible on an i.MX8MP board by streaming from an ISI capture device using gstreamer:
gst-launch-1.0 -v v4l2sr...
https://git.kernel.org/stable/c/029914306b93b37c6e7060793d2b6f76b935cfa6
