CVSS: 9.4 • EPSS: 0% • CPEs: 2 • EXPL: 0 • CVE-2025-68206 – netfilter: nft_ct: add seqadj extension for natted connections
https://notcve.org/view.php?id=CVE-2025-68206
16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_ct: add seqadj extension for natted connections Sequence adjustment may be required for FTP traffic with PASV/EPSV modes, due to the need to re-write packet payload (IP, port) on the ftp control connection. This can require changes to the TCP length and expected seq / ack_seq. The easiest way to reproduce this issue is with PASV mode. Example ruleset: table inet ftp_nat { ct helper ftp_helper { type "ftp" protocol tcp l3proto ine... • https://git.kernel.org/stable/c/1a64edf54f55d7956cf5a0d95898bc1f84f9b818 •
CVSS: 5.5 • EPSS: 0% • CPEs: 8 • EXPL: 0 • CVE-2025-68204 – pmdomain: arm: scmi: Fix genpd leak on provider registration failure
https://notcve.org/view.php?id=CVE-2025-68204
16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: pmdomain: arm: scmi: Fix genpd leak on provider registration failure If of_genpd_add_provider_onecell() fails during probe, the previously created generic power domains are not removed, leading to a memory leak and potential kernel crash later in genpd_debug_add(). Add proper error handling to unwind the initialized domains before returning from probe to ensure all resources are correctly released on failure. Example crash trace observed wi... • https://git.kernel.org/stable/c/898216c97ed2ebfffda659ce12388da43534de6c •
CVSS: 6.6 • EPSS: 0% • CPEs: 2 • EXPL: 0 • CVE-2025-68203 – drm/amdgpu: fix lock warning in amdgpu_userq_fence_driver_process
https://notcve.org/view.php?id=CVE-2025-68203
16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix lock warning in amdgpu_userq_fence_driver_process Fix a potential deadlock caused by inconsistent spinlock usage between interrupt and process contexts in the userq fence driver. The issue occurs when amdgpu_userq_fence_driver_process() is called from both: - Interrupt context: gfx_v11_0_eop_irq() -> amdgpu_userq_fence_driver_process() - Process context: amdgpu_eviction_fence_suspend_worker() -> amdgpu_userq_fence_driver_for... • https://git.kernel.org/stable/c/1ad70a06d7e91c378b346a3718c81abb50a74b74 •
CVSS: 5.5 • EPSS: 0% • CPEs: 3 • EXPL: 0 • CVE-2025-68201 – drm/amdgpu: remove two invalid BUG_ON()s
https://notcve.org/view.php?id=CVE-2025-68201
16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: remove two invalid BUG_ON()s Those can be triggered trivially by userspace. • https://git.kernel.org/stable/c/eaf12bffd7f79f4d46ec028706f9d1a2d90f46fd •
CVSS: 7.1 • EPSS: 0% • CPEs: 6 • EXPL: 0 • CVE-2025-68200 – bpf: Add bpf_prog_run_data_pointers()
https://notcve.org/view.php?id=CVE-2025-68200
16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf: Add bpf_prog_run_data_pointers() syzbot found that cls_bpf_classify() is able to change tc_skb_cb(skb)->drop_reason triggering a warning in sk_skb_reason_drop(). WARNING: CPU: 0 PID: 5965 at net/core/skbuff.c:1192 __sk_skb_reason_drop net/core/skbuff.c:1189 [inline] WARNING: CPU: 0 PID: 5965 at net/core/skbuff.c:1192 sk_skb_reason_drop+0x76/0x170 net/core/skbuff.c:1214 struct tc_skb_cb has been added in commit ec624fe740b4 ("net/sched:... • https://git.kernel.org/stable/c/0d76daf2013ce1da20eab5e26bd81d983e1c18fb •
CVSS: 5.5 • EPSS: 0% • CPEs: 4 • EXPL: 0 • CVE-2025-68198 – crash: fix crashkernel resource shrink
https://notcve.org/view.php?id=CVE-2025-68198
16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: crash: fix crashkernel resource shrink When crashkernel is configured with a high reservation, shrinking its value below the low crashkernel reservation causes two issues: 1. Invalid crashkernel resource objects 2. Kernel crash if crashkernel shrinking is done twice For example, with crashkernel=200M,high, the kernel reserves 200MB of high memory and some default low memory (say 256MB). The reservation appears as: cat /proc/iomem | grep -i ... • https://git.kernel.org/stable/c/16c6006af4d4e70ecef93977a5314409d931020b •
CVSS: 5.5 • EPSS: 0% • CPEs: 2 • EXPL: 0 • CVE-2025-68196 – drm/amd/display: Cache streams targeting link when performing LT automation
https://notcve.org/view.php?id=CVE-2025-68196
16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Cache streams targeting link when performing LT automation [WHY] Last LT automation update can cause crash by referencing current_state and calling into dc_update_planes_and_stream which may clobber current_state. [HOW] Cache relevant stream pointers and iterate through them instead of relying on the current_state. • https://git.kernel.org/stable/c/4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c •
CVSS: 5.5 • EPSS: 0% • CPEs: 8 • EXPL: 0 • CVE-2025-68194 – media: imon: make send_packet() more robust
https://notcve.org/view.php?id=CVE-2025-68194
16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: media: imon: make send_packet() more robust syzbot is reporting that imon has three problems which result in hung tasks due to forever holding device lock [1]. First problem is that when usb_rx_callback_intf0() once got -EPROTO error after ictx->dev_present_intf0 became true, usb_rx_callback_intf0() resubmits urb after printk(), and resubmitted urb causes usb_rx_callback_intf0() to again get -EPROTO error. This results in printk() flooding ... • https://git.kernel.org/stable/c/519737af11c03590819a6eec2ad532cfdb87ea63 •
CVSS: 7.2 • EPSS: 0% • CPEs: 2 • EXPL: 0 • CVE-2025-68193 – drm/xe/guc: Add devm release action to safely tear down CT
https://notcve.org/view.php?id=CVE-2025-68193
16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/xe/guc: Add devm release action to safely tear down CT When a buffer object (BO) is allocated with the XE_BO_FLAG_GGTT_INVALIDATE flag, the driver initiates TLB invalidation requests via the CTB mechanism while releasing the BO. However a premature release of the CTB BO can lead to system crashes, as observed in: Oops: Oops: 0000 [#1] SMP NOPTI RIP: 0010:h2g_write+0x2f3/0x7c0 [xe] Call Trace: guc_ct_send_locked+0x8b/0x670 [xe] xe_guc_ct... • https://git.kernel.org/stable/c/52faa05fcd9f78af99abebe30a4b7b444744c991 •
CVSS: 5.5 • EPSS: 0% • CPEs: 8 • EXPL: 0 • CVE-2025-68192 – net: usb: qmi_wwan: initialize MAC header offset in qmimux_rx_fixup
https://notcve.org/view.php?id=CVE-2025-68192
16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: net: usb: qmi_wwan: initialize MAC header offset in qmimux_rx_fixup Raw IP packets have no MAC header, leaving skb->mac_header uninitialized. This can trigger kernel panics on ARM64 when xfrm or other subsystems access the offset due to strict alignment checks. Initialize the MAC header to prevent such crashes. This can trigger kernel panics on ARM when running IPsec over the qmimux0 interface. Example trace: Internal error: Oops: 000000009... • https://git.kernel.org/stable/c/c6adf77953bcec0ad63d7782479452464e50f7a3 •
