CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2025-68236 – scsi: ufs: ufs-qcom: Fix UFS OCP issue during UFS power down (PC=3)
https://notcve.org/view.php?id=CVE-2025-68236
16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: ufs-qcom: Fix UFS OCP issue during UFS power down (PC=3) According to UFS specifications, the power-off sequence for a UFS device includes: - Sending an SSU command with Power_Condition=3 and await a response. - Asserting RST_N low. - Turning off REF_CLK. - Turning off VCC. - Turning off VCCQ/VCCQ2. As part of ufs shutdown, after the SSU command completion, asserting hardware reset (HWRST) triggers the device firmware to wake up ... • https://git.kernel.org/stable/c/b712f234a74c1f5ce70b5d7aec3fc2499c258141 •
CVSS: 7.2EPSS: 0%CPEs: 5EXPL: 0CVE-2025-68233 – drm/tegra: Add call to put_pid()
https://notcve.org/view.php?id=CVE-2025-68233
16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/tegra: Add call to put_pid() Add a call to put_pid() corresponding to get_task_pid(). host1x_memory_context_alloc() does not take ownership of the PID so we need to free it here to avoid leaking. [mperttunen@nvidia.com: reword commit message] In the Linux kernel, the following vulnerability has been resolved: drm/tegra: Add call to put_pid() Add a call to put_pid() corresponding to get_task_pid(). host1x_memory_context_alloc() does not ... • https://git.kernel.org/stable/c/e09db97889ec647ad373f7a7422c83099c6120c5 •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2025-68231 – mm/mempool: fix poisoning order>0 pages with HIGHMEM
https://notcve.org/view.php?id=CVE-2025-68231
16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: mm/mempool: fix poisoning order>0 pages with HIGHMEM The kernel test has reported: BUG: unable to handle page fault for address: fffba000 #PF: supervisor write access in kernel mode #PF: error_code(0x0002) - not-present page *pde = 03171067 *pte = 00000000 Oops: Oops: 0002 [#1] CPU: 0 UID: 0 PID: 1 Comm: swapper/0 Tainted: G T 6.18.0-rc2-00031-gec7f31b2a2d3 #1 NONE a1d066dfe789f54bc7645c7989957d2bdee593ca Tainted: [T]=RANDSTRUCT Hardware na... • https://git.kernel.org/stable/c/bdfedb76f4f5aa5e37380e3b71adee4a39f30fc6 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-68230 – drm/amdgpu: fix gpu page fault after hibernation on PF passthrough
https://notcve.org/view.php?id=CVE-2025-68230
16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix gpu page fault after hibernation on PF passthrough On PF passthrough environment, after hibernate and then resume, coralgemm will cause gpu page fault. Mode1 reset happens during hibernate, but partition mode is not restored on resume, register mmCP_HYP_XCP_CTL and mmCP_PSP_XCP_CTL is not right after resume. When CP access the MQD BO, wrong stride size is used, this will cause out of bound access on the MQD BO, resulting pag... • https://git.kernel.org/stable/c/a45d6359eefb41e08d374a3260b10bff5626823b •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-68229 – scsi: target: tcm_loop: Fix segfault in tcm_loop_tpg_address_show()
https://notcve.org/view.php?id=CVE-2025-68229
16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: target: tcm_loop: Fix segfault in tcm_loop_tpg_address_show() If the allocation of tl_hba->sh fails in tcm_loop_driver_probe() and we attempt to dereference it in tcm_loop_tpg_address_show() we will get a segfault, see below for an example. So, check tl_hba->sh before dereferencing it. Unable to allocate struct scsi_host BUG: kernel NULL pointer dereference, address: 0000000000000194 #PF: supervisor read access in kernel mode #PF: err... • https://git.kernel.org/stable/c/2628b352c3d4905adf8129ea50900bd980b6ccef •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2025-68227 – mptcp: Fix proto fallback detection with BPF
https://notcve.org/view.php?id=CVE-2025-68227
16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: mptcp: Fix proto fallback detection with BPF The sockmap feature allows bpf syscall from userspace, or based on bpf sockops, replacing the sk_prot of sockets during protocol stack processing with sockmap's custom read/write interfaces. ''' tcp_rcv_state_process() syn_recv_sock()/subflow_syn_recv_sock() tcp_init_transfer(BPF_SOCK_OPS_PASSIVE_ESTABLISHED_CB) bpf_skops_established <== sockops bpf_sock_map_update(sk) <== call bpf helper tcp_bpf... • https://git.kernel.org/stable/c/0b4f33def7bbde1ce2fea05f116639270e7acdc7 •
CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 0CVE-2025-68224 – scsi: core: Fix a regression triggered by scsi_host_busy()
https://notcve.org/view.php?id=CVE-2025-68224
16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: core: Fix a regression triggered by scsi_host_busy() Commit 995412e23bb2 ("blk-mq: Replace tags->lock with SRCU for tag iterators") introduced the following regression: Call trace: __srcu_read_lock+0x30/0x80 (P) blk_mq_tagset_busy_iter+0x44/0x300 scsi_host_busy+0x38/0x70 ufshcd_print_host_state+0x34/0x1bc ufshcd_link_startup.constprop.0+0xe4/0x2e0 ufshcd_init+0x944/0xf80 ufshcd_pltfrm_init+0x504/0x820 ufs_rockchip_probe+0x2c/0x88 plat... • https://git.kernel.org/stable/c/143257917b836bd5fc434063030fda199e249624 •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2025-68223 – drm/radeon: delete radeon_fence_process in is_signaled, no deadlock
https://notcve.org/view.php?id=CVE-2025-68223
16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/radeon: delete radeon_fence_process in is_signaled, no deadlock Delete the attempt to progress the queue when checking if fence is signaled. This avoids deadlock. dma-fence_ops::signaled can be called with the fence lock in unknown state. For radeon, the fence lock is also the wait queue lock. This can cause a self deadlock when signaled() tries to make forward progress on the wait queue. But advancing the queue is unneeded because inco... • https://git.kernel.org/stable/c/73bc12d6a547f9571ce4393acfd73c004e2df9e5 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-68220 – net: ethernet: ti: netcp: Standardize knav_dma_open_channel to return NULL on error
https://notcve.org/view.php?id=CVE-2025-68220
16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: net: ethernet: ti: netcp: Standardize knav_dma_open_channel to return NULL on error Make knav_dma_open_channel consistently return NULL on error instead of ERR_PTR. Currently the header include/linux/soc/ti/knav_dma.h returns NULL when the driver is disabled, but the driver implementation does not even return NULL or ERR_PTR on failure, causing inconsistency in the users. This results in a crash in netcp_free_navigator_resources as followed... • https://git.kernel.org/stable/c/5b6cb43b4d625b04a4049d727a116edbfe5cf0f4 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2025-68219 – cifs: fix memory leak in smb3_fs_context_parse_param error path
https://notcve.org/view.php?id=CVE-2025-68219
16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: cifs: fix memory leak in smb3_fs_context_parse_param error path Add proper cleanup of ctx->source and fc->source to the cifs_parse_mount_err error handler. This ensures that memory allocated for the source strings is correctly freed on all error paths, matching the cleanup already performed in the success path by smb3_cleanup_fs_context_contents(). Pointers are also set to NULL after freeing to prevent potential double-free issues. This cha... • https://git.kernel.org/stable/c/24e0a1eff9e2b9835a6e7c17039dfb6ecfd81f1f •