
CVSS: 5.5 | EPSS: 0% | CPEs: 5 | EXPL: 0

16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: close accepted socket when per-IP limit rejects connection When the per-IP connection limit is exceeded in ksmbd_kthread_fn(), the code sets ret = -EAGAIN and continues the accept loop without closing the just-accepted socket. That leaks one socket per rejected attempt from a single IP and enables a trivial remote DoS. Release client_sk before continuing. This bug was found with ZeroPath. In the Linux kernel, the following vulnerabil... • https://git.kernel.org/stable/c/7a3c7154d5fc05956a8ad9e72ecf49e21555bfca •

CVSS: 5.5 | EPSS: 0% | CPEs: 8 | EXPL: 0

16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: net: netpoll: fix incorrect refcount handling causing incorrect cleanup commit efa95b01da18 ("netpoll: fix use after free") incorrectly ignored the refcount and prematurely set dev->npinfo to NULL during netpoll cleanup, leading to improper behavior and memory leaks. Scenario causing lack of proper cleanup: 1) A netpoll is associated with a NIC (e.g., eth0) and netdev->npinfo is allocated, and refcnt = 1 - Keep in mind that npinfo is shared... • https://git.kernel.org/stable/c/efa95b01da18ad22af62f6d99a3243f3be8fd264 •

CVSS: 5.6 | EPSS: 0% | CPEs: 14 | EXPL: 0

16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: ipv4: route: Prevent rt_bind_exception() from rebinding stale fnhe The sit driver's packet transmission path calls: sit_tunnel_xmit() -> update_or_create_fnhe(), which leads to fnhe_remove_oldest() being called to delete entries exceeding FNHE_RECLAIM_DEPTH+random. The race window is between fnhe_remove_oldest() selecting fnheX for deletion and the subsequent kfree_rcu(). During this time, the concurrent path's __mkroute_output() -> find_exc... • https://git.kernel.org/stable/c/e46e23c289f62ccd8e2230d9ce652072d777ff30 •

CVSS: 7.1 | EPSS: 0% | CPEs: 8 | EXPL: 0

16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: binfmt_misc: restore write access before closing files opened by open_exec() bm_register_write() opens an executable file using open_exec(), which internally calls do_open_execat() and denies write access on the file to avoid modification while it is being executed. However, when an error occurs, bm_register_write() closes the file using filp_close() directly. This does not restore the write permission, which may cause subsequent write oper... • https://git.kernel.org/stable/c/e7850f4d844e0acfac7e570af611d89deade3146 •

CVSS: 7.1 | EPSS: 0% | CPEs: 2 | EXPL: 0

16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: ufs-qcom: Fix UFS OCP issue during UFS power down (PC=3) According to UFS specifications, the power-off sequence for a UFS device includes: - Sending an SSU command with Power_Condition=3 and awaiting a response. - Asserting RST_N low. - Turning off REF_CLK. - Turning off VCC. - Turning off VCCQ/VCCQ2. As part of ufs shutdown, after the SSU command completion, asserting hardware reset (HWRST) triggers the device firmware to wake up ... • https://git.kernel.org/stable/c/b712f234a74c1f5ce70b5d7aec3fc2499c258141 •

CVSS: 7.1 | EPSS: 0% | CPEs: 5 | EXPL: 0

16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: mm/mempool: fix poisoning order>0 pages with HIGHMEM The kernel test has reported: BUG: unable to handle page fault for address: fffba000 #PF: supervisor write access in kernel mode #PF: error_code(0x0002) - not-present page *pde = 03171067 *pte = 00000000 Oops: Oops: 0002 [#1] CPU: 0 UID: 0 PID: 1 Comm: swapper/0 Tainted: G T 6.18.0-rc2-00031-gec7f31b2a2d3 #1 NONE a1d066dfe789f54bc7645c7989957d2bdee593ca Tainted: [T]=RANDSTRUCT Hardware na... • https://git.kernel.org/stable/c/bdfedb76f4f5aa5e37380e3b71adee4a39f30fc6 •

CVSS: 5.5 | EPSS: 0% | CPEs: 3 | EXPL: 0

16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix gpu page fault after hibernation on PF passthrough In a PF passthrough environment, after hibernate and then resume, coralgemm will cause a GPU page fault. Mode1 reset happens during hibernate, but partition mode is not restored on resume, so registers mmCP_HYP_XCP_CTL and mmCP_PSP_XCP_CTL are not right after resume. When CP accesses the MQD BO, the wrong stride size is used; this will cause an out-of-bounds access on the MQD BO, resulting pag... • https://git.kernel.org/stable/c/a45d6359eefb41e08d374a3260b10bff5626823b •

CVSS: 5.5 | EPSS: 0% | CPEs: 8 | EXPL: 0

16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: target: tcm_loop: Fix segfault in tcm_loop_tpg_address_show() If the allocation of tl_hba->sh fails in tcm_loop_driver_probe() and we attempt to dereference it in tcm_loop_tpg_address_show() we will get a segfault, see below for an example. So, check tl_hba->sh before dereferencing it. Unable to allocate struct scsi_host BUG: kernel NULL pointer dereference, address: 0000000000000194 #PF: supervisor read access in kernel mode #PF: err... • https://git.kernel.org/stable/c/2628b352c3d4905adf8129ea50900bd980b6ccef •

CVSS: 7.8 | EPSS: 0% | CPEs: 7 | EXPL: 0

16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: mptcp: Fix proto fallback detection with BPF The sockmap feature allows bpf syscall from userspace, or based on bpf sockops, replacing the sk_prot of sockets during protocol stack processing with sockmap's custom read/write interfaces. ''' tcp_rcv_state_process() syn_recv_sock()/subflow_syn_recv_sock() tcp_init_transfer(BPF_SOCK_OPS_PASSIVE_ESTABLISHED_CB) bpf_skops_established <== sockops bpf_sock_map_update(sk) <== call bpf helper tcp_bpf... • https://git.kernel.org/stable/c/0b4f33def7bbde1ce2fea05f116639270e7acdc7 •

CVSS: 7.1 | EPSS: 0% | CPEs: 7 | EXPL: 0

16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: core: Fix a regression triggered by scsi_host_busy() Commit 995412e23bb2 ("blk-mq: Replace tags->lock with SRCU for tag iterators") introduced the following regression: Call trace: __srcu_read_lock+0x30/0x80 (P) blk_mq_tagset_busy_iter+0x44/0x300 scsi_host_busy+0x38/0x70 ufshcd_print_host_state+0x34/0x1bc ufshcd_link_startup.constprop.0+0xe4/0x2e0 ufshcd_init+0x944/0xf80 ufshcd_pltfrm_init+0x504/0x820 ufs_rockchip_probe+0x2c/0x88 plat... • https://git.kernel.org/stable/c/143257917b836bd5fc434063030fda199e249624 •