CVSS: 7.2EPSS: 0%CPEs: 6EXPL: 0CVE-2025-68364 – ocfs2: relax BUG() to ocfs2_error() in __ocfs2_move_extent()
https://notcve.org/view.php?id=CVE-2025-68364
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: ocfs2: relax BUG() to ocfs2_error() in __ocfs2_move_extent() In '__ocfs2_move_extent()', relax 'BUG()' to 'ocfs2_error()' just to avoid crashing the whole kernel due to a filesystem corruption. In the Linux kernel, the following vulnerability has been resolved: ocfs2: relax BUG() to ocfs2_error() in __ocfs2_move_extent() In '__ocfs2_move_extent()', relax 'BUG()' to 'ocfs2_error()' just to avoid crashing the whole kernel due to a filesystem ... • https://git.kernel.org/stable/c/8f603e567aa7a243e68ca48b4f105b990851360f •
CVSS: 7.2EPSS: 0%CPEs: 6EXPL: 0CVE-2025-68363 – bpf: Check skb->transport_header is set in bpf_skb_check_mtu
https://notcve.org/view.php?id=CVE-2025-68363
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf: Check skb->transport_header is set in bpf_skb_check_mtu The bpf_skb_check_mtu helper needs to use skb->transport_header when the BPF_MTU_CHK_SEGS flag is used: bpf_skb_check_mtu(skb, ifindex, &mtu_len, 0, BPF_MTU_CHK_SEGS) The transport_header is not always set. There is a WARN_ON_ONCE report when CONFIG_DEBUG_NET is enabled + skb->gso_size is set + bpf_prog_test_run is used: WARNING: CPU: 1 PID: 2216 at ./include/linux/skbuff.h:3071 s... • https://git.kernel.org/stable/c/34b2021cc61642d61c3cf943d9e71925b827941b •
CVSS: 6.6EPSS: 0%CPEs: 6EXPL: 0CVE-2025-68362 – wifi: rtl818x: rtl8187: Fix potential buffer underflow in rtl8187_rx_cb()
https://notcve.org/view.php?id=CVE-2025-68362
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: rtl818x: rtl8187: Fix potential buffer underflow in rtl8187_rx_cb() The rtl8187_rx_cb() calculates the rx descriptor header address by subtracting its size from the skb tail pointer. However, it does not validate if the received packet (skb->len from urb->actual_length) is large enough to contain this header. If a truncated packet is received, this will lead to a buffer underflow, reading memory before the start of the skb data area, ... • https://git.kernel.org/stable/c/6f7853f3cbe457067e9fe05461f56c7ea4ac488c •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-68358 – btrfs: fix racy bitfield write in btrfs_clear_space_info_full()
https://notcve.org/view.php?id=CVE-2025-68358
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: btrfs: fix racy bitfield write in btrfs_clear_space_info_full() From the memory-barriers.txt document regarding memory barrier ordering guarantees: (*) These guarantees do not apply to bitfields, because compilers often generate code to modify these using non-atomic read-modify-write sequences. Do not attempt to use bitfields to synchronize parallel algorithms. (*) Even in cases where bitfields are protected by locks, all fields in a given ... • https://git.kernel.org/stable/c/957780eb2788d8c218d539e19a85653f51a96dc1 •
CVSS: 7.1EPSS: 0%CPEs: 6EXPL: 0CVE-2025-68354 – regulator: core: Protect regulator_supply_alias_list with regulator_list_mutex
https://notcve.org/view.php?id=CVE-2025-68354
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: regulator: core: Protect regulator_supply_alias_list with regulator_list_mutex regulator_supply_alias_list was accessed without any locking in regulator_supply_alias(), regulator_register_supply_alias(), and regulator_unregister_supply_alias(). Concurrent registration, unregistration and lookups can race, leading to: 1 use-after-free if an alias entry is removed while being read, 2 duplicate entries when two threads register the same alias,... • https://git.kernel.org/stable/c/a06ccd9c3785fa5550917ae036944f4e080b5749 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2025-68349 – NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid
https://notcve.org/view.php?id=CVE-2025-68349
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid Fixes a crash when layout is null during this call stack: write_inode -> nfs4_write_inode -> pnfs_layoutcommit_inode pnfs_set_layoutcommit relies on the lseg refcount to keep the layout around. Need to clear NFS_INO_LAYOUTCOMMIT otherwise we might attempt to reference a null layout. In the Linux kernel, the following vulnerability has been resolved: NFSv4/pNFS: Clear... • https://git.kernel.org/stable/c/fe1cf9469d7bcb6af27e42eb555a41b0135bce4a •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2025-68347 – ALSA: firewire-motu: fix buffer overflow in hwdep read for DSP events
https://notcve.org/view.php?id=CVE-2025-68347
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: ALSA: firewire-motu: fix buffer overflow in hwdep read for DSP events The DSP event handling code in hwdep_read() could write more bytes to the user buffer than requested, when a user provides a buffer smaller than the event header size (8 bytes). Fix by using min_t() to clamp the copy size, This ensures we never copy more than the user requested. In the Linux kernel, the following vulnerability has been resolved: ALSA: firewire-motu: fix b... • https://git.kernel.org/stable/c/634ec0b2906efd46f6f57977e172aa3470aca432 •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2025-68346 – ALSA: dice: fix buffer overflow in detect_stream_formats()
https://notcve.org/view.php?id=CVE-2025-68346
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: ALSA: dice: fix buffer overflow in detect_stream_formats() The function detect_stream_formats() reads the stream_count value directly from a FireWire device without validating it. This can lead to out-of-bounds writes when a malicious device provides a stream_count value greater than MAX_STREAMS. Fix by applying the same validation to both TX and RX stream counts in detect_stream_formats(). In the Linux kernel, the following vulnerability h... • https://git.kernel.org/stable/c/58579c056c1c9510ae6695ed8e01ee05bbdcfb23 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2025-68345 – ALSA: hda: cs35l41: Fix NULL pointer dereference in cs35l41_hda_read_acpi()
https://notcve.org/view.php?id=CVE-2025-68345
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: cs35l41: Fix NULL pointer dereference in cs35l41_hda_read_acpi() The acpi_get_first_physical_node() function can return NULL, in which case the get_device() function also returns NULL, but this value is then dereferenced without checking,so add a check to prevent a crash. Found by Linux Verification Center (linuxtesting.org) with SVACE. In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: cs35l41: Fix NU... • https://git.kernel.org/stable/c/7b2f3eb492dac7665c75df067e4d8e4869589f4a •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2025-68344 – ALSA: wavefront: Fix integer overflow in sample size validation
https://notcve.org/view.php?id=CVE-2025-68344
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: ALSA: wavefront: Fix integer overflow in sample size validation The wavefront_send_sample() function has an integer overflow issue when validating sample size. The header->size field is u32 but gets cast to int for comparison with dev->freemem Fix by using unsigned comparison to avoid integer overflow. In the Linux kernel, the following vulnerability has been resolved: ALSA: wavefront: Fix integer overflow in sample size validation The wave... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •