CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2025-68343 – can: gs_usb: gs_usb_receive_bulk_callback(): check actual_length before accessing header
https://notcve.org/view.php?id=CVE-2025-68343
23 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: can: gs_usb: gs_usb_receive_bulk_callback(): check actual_length before accessing header The driver expects to receive a struct gs_host_frame in gs_usb_receive_bulk_callback(). Use struct_group to describe the header of the struct gs_host_frame and check that we have at least received the header before accessing any members of it. To resubmit the URB, do not dereference the pointer chain "dev->parent->hf_size_rx" but use "parent->hf_size_rx... • https://git.kernel.org/stable/c/d08e973a77d128b25e01a08c34d89593fdf222da •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2025-68342 – can: gs_usb: gs_usb_receive_bulk_callback(): check actual_length before accessing data
https://notcve.org/view.php?id=CVE-2025-68342
23 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: can: gs_usb: gs_usb_receive_bulk_callback(): check actual_length before accessing data The URB received in gs_usb_receive_bulk_callback() contains a struct gs_host_frame. The length of the data after the header depends on the gs_host_frame hf::flags and the active device features (e.g. time stamping). Introduce a new function gs_usb_get_minimum_length() and check that we have at least received the required amount of data before accessing it... • https://git.kernel.org/stable/c/d08e973a77d128b25e01a08c34d89593fdf222da •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2025-68340 – team: Move team device type change at the end of team_port_add
https://notcve.org/view.php?id=CVE-2025-68340
23 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: team: Move team device type change at the end of team_port_add Attempting to add a port device that is already up will expectedly fail, but not before modifying the team device header_ops. In the case of the syzbot reproducer the gre0 device is already in state UP when it attempts to add it as a port device of team0, this fails but before that header_ops->create of team0 is changed from eth_header to ipgre_header in the call to team_dev_typ... • https://git.kernel.org/stable/c/1d76efe1577b4323609b1bcbfafa8b731eda071a •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2025-68339 – atm/fore200e: Fix possible data race in fore200e_open()
https://notcve.org/view.php?id=CVE-2025-68339
23 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: atm/fore200e: Fix possible data race in fore200e_open() Protect access to fore200e->available_cell_rate with rate_mtx lock in the error handling path of fore200e_open() to prevent a data race. The field fore200e->available_cell_rate is a shared resource used to track available bandwidth. It is concurrently accessed by fore200e_open(), fore200e_close(), and fore200e_change_qos(). In fore200e_open(), the lock rate_mtx is correctly held when s... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2025-68337 – jbd2: avoid bug_on in jbd2_journal_get_create_access() when file system corrupted
https://notcve.org/view.php?id=CVE-2025-68337
22 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: jbd2: avoid bug_on in jbd2_journal_get_create_access() when file system corrupted There's issue when file system corrupted: ------------[ cut here ]------------ kernel BUG at fs/jbd2/transaction.c:1289! Oops: invalid opcode: 0000 [#1] SMP KASAN PTI CPU: 5 UID: 0 PID: 2031 Comm: mkdir Not tainted 6.18.0-rc1-next RIP: 0010:jbd2_journal_get_create_access+0x3b6/0x4d0 RSP: 0018:ffff888117aafa30 EFLAGS: 00010202 RAX: 0000000000000000 RBX: ffff888... • https://git.kernel.org/stable/c/470decc613ab2048b619a01028072d932d9086ee •
CVSS: 4.7EPSS: 0%CPEs: 11EXPL: 0CVE-2025-68336 – locking/spinlock/debug: Fix data-race in do_raw_write_lock
https://notcve.org/view.php?id=CVE-2025-68336
22 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: locking/spinlock/debug: Fix data-race in do_raw_write_lock KCSAN reports: BUG: KCSAN: data-race in do_raw_write_lock / do_raw_write_lock write (marked) to 0xffff800009cf504c of 4 bytes by task 1102 on cpu 1: do_raw_write_lock+0x120/0x204 _raw_write_lock_irq do_exit call_usermodehelper_exec_async ret_from_fork read to 0xffff800009cf504c of 4 bytes by task 1103 on cpu 0: do_raw_write_lock+0x88/0x204 _raw_write_lock_irq do_exit call_usermodehe... • https://git.kernel.org/stable/c/1a365e822372ba24c9da0822bc583894f6f3d821 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2025-68335 – comedi: pcl818: fix null-ptr-deref in pcl818_ai_cancel()
https://notcve.org/view.php?id=CVE-2025-68335
22 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: comedi: pcl818: fix null-ptr-deref in pcl818_ai_cancel() Syzbot identified an issue [1] in pcl818_ai_cancel(), which stems from the fact that in case of early device detach via pcl818_detach(), subdevice dev->read_subdev may not have initialized its pointer to &struct comedi_async as intended. Thus, any such dereferencing of &s->async->cmd will lead to general protection fault and kernel crash. Mitigate this problem by removing a call to pc... • https://git.kernel.org/stable/c/00aba6e7b5653a6607238ecdab7172318059d984 •
CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2025-68334 – platform/x86/amd/pmc: Add support for Van Gogh SoC
https://notcve.org/view.php?id=CVE-2025-68334
22 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: platform/x86/amd/pmc: Add support for Van Gogh SoC The ROG Xbox Ally (non-X) SoC features a similar architecture to the Steam Deck. While the Steam Deck supports S3 (s2idle causes a crash), this support was dropped by the Xbox Ally which only S0ix suspend. Since the handler is missing here, this causes the device to not suspend and the AMD GPU driver to crash while trying to resume afterwards due to a power hang. • https://git.kernel.org/stable/c/83cbaf14275a30f14cf558b09389a1664b173858 •
CVSS: 6.6EPSS: 0%CPEs: 6EXPL: 0CVE-2025-68332 – comedi: c6xdigio: Fix invalid PNP driver unregistration
https://notcve.org/view.php?id=CVE-2025-68332
22 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: comedi: c6xdigio: Fix invalid PNP driver unregistration The Comedi low-level driver "c6xdigio" seems to be for a parallel port connected device. When the Comedi core calls the driver's Comedi "attach" handler `c6xdigio_attach()` to configure a Comedi to use this driver, it tries to enable the parallel port PNP resources by registering a PNP driver with `pnp_register_driver()`, but ignores the return value. (The `struct pnp_driver` it uses h... • https://git.kernel.org/stable/c/2c89e159cd2f386285e9522d6476dd7e801bee22 •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2025-68331 – usb: uas: fix urb unmapping issue when the uas device is remove during ongoing data transfer
https://notcve.org/view.php?id=CVE-2025-68331
22 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: uas: fix urb unmapping issue when the uas device is remove during ongoing data transfer When a UAS device is unplugged during data transfer, there is a probability of a system panic occurring. The root cause is an access to an invalid memory address during URB callback handling. Specifically, this happens when the dma_direct_unmap_sg() function is called within the usb_hcd_unmap_urb_for_dma() interface, but the sg->dma_address field is... • https://git.kernel.org/stable/c/eb2a86ae8c544be0ab04aa8169390c0669bc7148 •