CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2025-68379 – RDMA/rxe: Fix null deref on srq->rq.queue after resize failure
https://notcve.org/view.php?id=CVE-2025-68379
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix null deref on srq->rq.queue after resize failure A NULL pointer dereference can occur in rxe_srq_chk_attr() when ibv_modify_srq() is invoked twice in succession under certain error conditions. The first call may fail in rxe_queue_resize(), which leads rxe_srq_from_attr() to set srq->rq.queue = NULL. The second call then triggers a crash (null deref) when accessing srq->rq.queue->buf->index_mask. Call Trace:
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2025-68378 – bpf: Fix stackmap overflow check in __bpf_get_stackid()
https://notcve.org/view.php?id=CVE-2025-68378
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf: Fix stackmap overflow check in __bpf_get_stackid() Syzkaller reported a KASAN slab-out-of-bounds write in __bpf_get_stackid() when copying stack trace data. The issue occurs when the perf trace contains more stack entries than the stack map bucket can hold, leading to an out-of-bounds write in the bucket's data array. In the Linux kernel, the following vulnerability has been resolved: bpf: Fix stackmap overflow check in __bpf_get_stack... • https://git.kernel.org/stable/c/ee2a098851bfbe8bcdd964c0121f4246f00ff41e •
CVSS: 7.1EPSS: 0%CPEs: 12EXPL: 0CVE-2025-68372 – nbd: defer config put in recv_work
https://notcve.org/view.php?id=CVE-2025-68372
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: nbd: defer config put in recv_work There is one uaf issue in recv_work when running NBD_CLEAR_SOCK and NBD_CMD_RECONFIGURE: nbd_genl_connect // conf_ref=2 (connect and recv_work A) nbd_open // conf_ref=3 recv_work A done // conf_ref=2 NBD_CLEAR_SOCK // conf_ref=1 nbd_genl_reconfigure // conf_ref=2 (trigger recv_work B) close nbd // conf_ref=1 recv_work B config_put // conf_ref=0 atomic_dec(&config->recv_threads); -> UAF Or only running NBD_... • https://git.kernel.org/stable/c/87aac3a80af5cbad93e63250e8a1e19095ba0d30 •
CVSS: 6.9EPSS: 0%CPEs: 8EXPL: 0CVE-2025-68367 – macintosh/mac_hid: fix race condition in mac_hid_toggle_emumouse
https://notcve.org/view.php?id=CVE-2025-68367
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: macintosh/mac_hid: fix race condition in mac_hid_toggle_emumouse The following warning appears when running syzkaller, and this issue also exists in the mainline code. ------------[ cut here ]------------ list_add double add: new=ffffffffa57eee28, prev=ffffffffa57eee28, next=ffffffffa5e63100. WARNING: CPU: 0 PID: 1491 at lib/list_debug.c:35 __list_add_valid_or_report+0xf7/0x130 Modules linked in: CPU: 0 PID: 1491 Comm: syz.1.28 Not tainted ... • https://git.kernel.org/stable/c/99b089c3c38a83ebaeb1cc4584ddcde841626467 •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2025-68366 – nbd: defer config unlock in nbd_genl_connect
https://notcve.org/view.php?id=CVE-2025-68366
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: nbd: defer config unlock in nbd_genl_connect There is one use-after-free warning when running NBD_CMD_CONNECT and NBD_CLEAR_SOCK: nbd_genl_connect nbd_alloc_and_init_config // config_refs=1 nbd_start_device // config_refs=2 set NBD_RT_HAS_CONFIG_REF open nbd // config_refs=3 recv_work done // config_refs=2 NBD_CLEAR_SOCK // config_refs=1 close nbd // config_refs=0 refcount_inc -> uaf ------------[ cut here ]------------ refcount_t: addition... • https://git.kernel.org/stable/c/e46c7287b1c27683a8e30ca825fb98e2b97f1099 •
CVSS: 7.2EPSS: 0%CPEs: 8EXPL: 0CVE-2025-68364 – ocfs2: relax BUG() to ocfs2_error() in __ocfs2_move_extent()
https://notcve.org/view.php?id=CVE-2025-68364
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: ocfs2: relax BUG() to ocfs2_error() in __ocfs2_move_extent() In '__ocfs2_move_extent()', relax 'BUG()' to 'ocfs2_error()' just to avoid crashing the whole kernel due to a filesystem corruption. In the Linux kernel, the following vulnerability has been resolved: ocfs2: relax BUG() to ocfs2_error() in __ocfs2_move_extent() In '__ocfs2_move_extent()', relax 'BUG()' to 'ocfs2_error()' just to avoid crashing the whole kernel due to a filesystem ... • https://git.kernel.org/stable/c/8f603e567aa7a243e68ca48b4f105b990851360f •
CVSS: 6.6EPSS: 0%CPEs: 8EXPL: 0CVE-2025-68362 – wifi: rtl818x: rtl8187: Fix potential buffer underflow in rtl8187_rx_cb()
https://notcve.org/view.php?id=CVE-2025-68362
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: rtl818x: rtl8187: Fix potential buffer underflow in rtl8187_rx_cb() The rtl8187_rx_cb() calculates the rx descriptor header address by subtracting its size from the skb tail pointer. However, it does not validate if the received packet (skb->len from urb->actual_length) is large enough to contain this header. If a truncated packet is received, this will lead to a buffer underflow, reading memory before the start of the skb data area, ... • https://git.kernel.org/stable/c/6f7853f3cbe457067e9fe05461f56c7ea4ac488c •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-68358 – btrfs: fix racy bitfield write in btrfs_clear_space_info_full()
https://notcve.org/view.php?id=CVE-2025-68358
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: btrfs: fix racy bitfield write in btrfs_clear_space_info_full() From the memory-barriers.txt document regarding memory barrier ordering guarantees: (*) These guarantees do not apply to bitfields, because compilers often generate code to modify these using non-atomic read-modify-write sequences. Do not attempt to use bitfields to synchronize parallel algorithms. (*) Even in cases where bitfields are protected by locks, all fields in a given ... • https://git.kernel.org/stable/c/957780eb2788d8c218d539e19a85653f51a96dc1 •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2025-68354 – regulator: core: Protect regulator_supply_alias_list with regulator_list_mutex
https://notcve.org/view.php?id=CVE-2025-68354
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: regulator: core: Protect regulator_supply_alias_list with regulator_list_mutex regulator_supply_alias_list was accessed without any locking in regulator_supply_alias(), regulator_register_supply_alias(), and regulator_unregister_supply_alias(). Concurrent registration, unregistration and lookups can race, leading to: 1 use-after-free if an alias entry is removed while being read, 2 duplicate entries when two threads register the same alias,... • https://git.kernel.org/stable/c/a06ccd9c3785fa5550917ae036944f4e080b5749 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-68349 – NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid
https://notcve.org/view.php?id=CVE-2025-68349
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid Fixes a crash when layout is null during this call stack: write_inode -> nfs4_write_inode -> pnfs_layoutcommit_inode pnfs_set_layoutcommit relies on the lseg refcount to keep the layout around. Need to clear NFS_INO_LAYOUTCOMMIT otherwise we might attempt to reference a null layout. In the Linux kernel, the following vulnerability has been resolved: NFSv4/pNFS: Clear... • https://git.kernel.org/stable/c/fe1cf9469d7bcb6af27e42eb555a41b0135bce4a •