CVSS: 5.5 • EPSS: 0% • CPEs: 3 • EXPL: 0 • CVE-2025-68190 – drm/amdgpu/atom: Check kcalloc() for WS buffer in amdgpu_atom_execute_table_locked()
https://notcve.org/view.php?id=CVE-2025-68190
16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/atom: Check kcalloc() for WS buffer in amdgpu_atom_execute_table_locked() kcalloc() may fail. When WS is non-zero and allocation fails, ectx.ws remains NULL while ectx.ws_size is set, leading to a potential NULL pointer dereference in atom_get_src_int() when accessing WS entries. Return -ENOMEM on allocation failure to avoid the NULL dereference. • https://git.kernel.org/stable/c/d38ceaf99ed015f2a0b9af3499791bd3a3daae21
CVSS: 7.2 • EPSS: 0% • CPEs: 3 • EXPL: 0 • CVE-2025-68188 – tcp: use dst_dev_rcu() in tcp_fastopen_active_disable_ofo_check()
https://notcve.org/view.php?id=CVE-2025-68188
16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: tcp: use dst_dev_rcu() in tcp_fastopen_active_disable_ofo_check() Use RCU to avoid a pair of atomic operations and a potential UAF on dst_dev()->flags. • https://git.kernel.org/stable/c/cf1ef3f0719b4dcb74810ed507e2a2540f9811b4
CVSS: 6.9 • EPSS: 0% • CPEs: 8 • EXPL: 0 • CVE-2025-68185 – nfs4_setup_readdir(): insufficient locking for ->d_parent->d_inode dereferencing
https://notcve.org/view.php?id=CVE-2025-68185
16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: nfs4_setup_readdir(): insufficient locking for ->d_parent->d_inode dereferencing Theoretically it's an oopsable race, but I don't believe one can manage to hit it on real hardware; might become doable on a KVM, but it still won't be easy to attack. Anyway, it's easy to deal with - since xdr_encode_hyper() is just a call of put_unaligned_be64(), we can put that under ->d_lock and be done with that. • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
CVSS: 7.1 • EPSS: 0% • CPEs: 4 • EXPL: 0 • CVE-2025-68184 – drm/mediatek: Disable AFBC support on Mediatek DRM driver
https://notcve.org/view.php?id=CVE-2025-68184
16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: Disable AFBC support on Mediatek DRM driver Commit c410fa9b07c3 ("drm/mediatek: Add AFBC support to Mediatek DRM driver") added AFBC support to Mediatek DRM and enabled the 32x8/split/sparse modifier. However, this is currently broken on Mediatek MT8188 (Genio 700 EVK platform); tested using upstream Kernel and Mesa (v25.2.1), AFBC is used by default since Mesa v25.0. Kernel trace reports vblank timeouts constantly, and the re... • https://git.kernel.org/stable/c/c410fa9b07c32cc69968ec83a148366d16c76dc4 •
CVSS: 7.1 • EPSS: 0% • CPEs: 4 • EXPL: 0 • CVE-2025-68183 – ima: don't clear IMA_DIGSIG flag when setting or removing non-IMA xattr
https://notcve.org/view.php?id=CVE-2025-68183
16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: ima: don't clear IMA_DIGSIG flag when setting or removing non-IMA xattr Currently when both IMA and EVM are in fix mode, the IMA signature will be reset to IMA hash if a program first stores IMA signature in security.ima and then writes/removes some other security xattr for the file. For example, on Fedora, after booting the kernel with "ima_appraise=fix evm=fix ima_policy=appraise_tcb" and installing rpm-plugin-ima, installing/reinstalling... • https://git.kernel.org/stable/c/e3ccfe1ad7d895487977ef64eda3441d16c9851a •
CVSS: 7.1 • EPSS: 0% • CPEs: 4 • EXPL: 0 • CVE-2025-68179 – s390: Disable ARCH_WANT_OPTIMIZE_HUGETLB_VMEMMAP
https://notcve.org/view.php?id=CVE-2025-68179
16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: s390: Disable ARCH_WANT_OPTIMIZE_HUGETLB_VMEMMAP As reported by Luiz Capitulino enabling HVO on s390 leads to reproducible crashes. The problem is that kernel page tables are modified without flushing corresponding TLB entries. Even if it looks like the empty flush_tlb_all() implementation on s390 is the problem, it is actually a different problem: on s390 it is not allowed to replace an active/valid page table entry with another valid page... • https://git.kernel.org/stable/c/00a34d5a99c0631bd780b14cbe3813d0b39c3886 •
CVSS: 5.5 • EPSS: 0% • CPEs: 8 • EXPL: 0 • CVE-2025-68177 – cpufreq/longhaul: handle NULL policy in longhaul_exit
https://notcve.org/view.php?id=CVE-2025-68177
16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: cpufreq/longhaul: handle NULL policy in longhaul_exit longhaul_exit() was calling cpufreq_cpu_get(0) without checking for a NULL policy pointer. On some systems, this could lead to a NULL dereference and a kernel warning or panic. This patch adds a check using unlikely() and returns early if the policy is NULL. Bugzilla: #219962 • https://git.kernel.org/stable/c/b43a7ffbf33be7e4d3b10b7714ee663ea2c52fe2
CVSS: 5.5 • EPSS: 0% • CPEs: 7 • EXPL: 0 • CVE-2025-68176 – PCI: cadence: Check for the existence of cdns_pcie::ops before using it
https://notcve.org/view.php?id=CVE-2025-68176
16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: PCI: cadence: Check for the existence of cdns_pcie::ops before using it cdns_pcie::ops might not be populated by all the Cadence glue drivers. This is going to be true for the upcoming Sophgo platform which doesn't set the ops. Hence, add a check to prevent NULL pointer dereference. [mani: reworded subject and description] • https://git.kernel.org/stable/c/40d957e6f9eb3a8a585007b8b730340c829afbdb
CVSS: 6.6 • EPSS: 0% • CPEs: 5 • EXPL: 0 • CVE-2025-68173 – ftrace: Fix softlockup in ftrace_module_enable
https://notcve.org/view.php?id=CVE-2025-68173
16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: ftrace: Fix softlockup in ftrace_module_enable A soft lockup was observed when loading amdgpu module. If a module has a lot of traceable functions, multiple calls to kallsyms_lookup can spend too much time in RCU critical section and with disabled preemption, causing kernel panic. This is the same issue that was fixed in commit d0b24b4e91fc ("ftrace: Prevent RCU stall on PREEMPT_VOLUNTARY kernels") and commit 42ea22e754ba ("ftrace: Add cond_... • https://git.kernel.org/stable/c/b7ffffbb46f205e7727a18bcc7a46c3c2b534f7c
CVSS: 7.2 • EPSS: 0% • CPEs: 4 • EXPL: 0 • CVE-2025-68172 – crypto: aspeed - fix double free caused by devm
https://notcve.org/view.php?id=CVE-2025-68172
16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: crypto: aspeed - fix double free caused by devm The clock obtained via devm_clk_get_enabled() is automatically managed by devres and will be disabled and freed on driver detach. Manually calling clk_disable_unprepare() in error path and remove function causes double free. Remove the manual clock cleanup in both aspeed_acry_probe()'s error path and aspeed_acry_remove(). • https://git.kernel.org/stable/c/2f1cf4e50c956f882c9fc209c7cded832b67b8a3
