CVSS: 5.5 | EPSS: 0% | CPEs: 4 | EXPL: 0 | CVE-2025-68219 – cifs: fix memory leak in smb3_fs_context_parse_param error path
https://notcve.org/view.php?id=CVE-2025-68219
16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved:
cifs: fix memory leak in smb3_fs_context_parse_param error path
Add proper cleanup of ctx->source and fc->source to the cifs_parse_mount_err error handler. This ensures that memory allocated for the source strings is correctly freed on all error paths, matching the cleanup already performed in the success path by smb3_cleanup_fs_context_contents(). Pointers are also set to NULL after freeing to prevent potential double-free issues. This cha...
https://git.kernel.org/stable/c/24e0a1eff9e2b9835a6e7c17039dfb6ecfd81f1f
CVSS: 5.6 | EPSS: 0% | CPEs: 6 | EXPL: 0 | CVE-2025-68218 – nvme-multipath: fix lockdep WARN due to partition scan work
https://notcve.org/view.php?id=CVE-2025-68218
16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved:
nvme-multipath: fix lockdep WARN due to partition scan work
Blktests test cases nvme/014, 057 and 058 fail occasionally due to a lockdep WARN. As reported in the Closes tag URL, the WARN indicates that a deadlock can happen due to the dependency among disk->open_mutex, kblockd workqueue completion and partition_scan_work completion. To avoid the lockdep WARN and the potential deadlock, cut the dependency by running the partition_scan_work n...
https://git.kernel.org/stable/c/60de2e03f984cfbcdc12fa552f95087c35a05a98
CVSS: 7.1 | EPSS: 0% | CPEs: 8 | EXPL: 0 | CVE-2025-68217 – Input: pegasus-notetaker - fix potential out-of-bounds access
https://notcve.org/view.php?id=CVE-2025-68217
16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved:
Input: pegasus-notetaker - fix potential out-of-bounds access
In the pegasus_notetaker driver, the pegasus_probe() function allocates the URB transfer buffer using the wMaxPacketSize value from the endpoint descriptor. An attacker can use a malicious USB descriptor to force the allocation of a very small buffer. Subsequently, if the device sends an interrupt packet with a specific pattern (e.g., where the first byte is 0x80 or 0x42), the pe...
https://git.kernel.org/stable/c/1afca2b66aac7ac262d3511c68725e9e7053b40f
CVSS: 4.7 | EPSS: 0% | CPEs: 5 | EXPL: 0 | CVE-2025-68214 – timers: Fix NULL function pointer race in timer_shutdown_sync()
https://notcve.org/view.php?id=CVE-2025-68214
16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved:
timers: Fix NULL function pointer race in timer_shutdown_sync()
There is a race condition between timer_shutdown_sync() and timer expiration that can lead to hitting a WARN_ON in expire_timers(). The issue occurs when timer_shutdown_sync() clears the timer function to NULL while the timer is still running on another CPU. The race scenario looks like this: CPU0 CPU1
CVSS: 5.5 | EPSS: 0% | CPEs: 5 | EXPL: 0 | CVE-2025-68211 – ksm: use range-walk function to jump over holes in scan_get_next_rmap_item
https://notcve.org/view.php?id=CVE-2025-68211
16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved:
ksm: use range-walk function to jump over holes in scan_get_next_rmap_item
Currently, scan_get_next_rmap_item() walks every page address in a VMA to locate mergeable pages. This becomes highly inefficient when scanning large virtual memory areas that contain mostly unmapped regions, causing ksmd to use a large amount of CPU without deduplicating many pages. This patch replaces the per-address lookup with a range walk using walk_page_range(). ...
https://git.kernel.org/stable/c/31dbd01f314364b70c2e026a5793a29a4da8a9dc
CVSS: 6.6 | EPSS: 0% | CPEs: 2 | EXPL: 0 | CVE-2025-68209 – mlx5: Fix default values in create CQ
https://notcve.org/view.php?id=CVE-2025-68209
16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved:
mlx5: Fix default values in create CQ
Currently, CQs without a completion function are assigned the mlx5_add_cq_to_tasklet function by default. This is problematic since only user CQs created through the mlx5_ib driver are intended to use this function. Additionally, all CQs that will use doorbells instead of polling for completions must call mlx5_cq_arm. However, the default CQ creation flow leaves a valid value in the CQ's arm_db field, a...
https://git.kernel.org/stable/c/cdd04f4d4d71cbf93d0d9abe63bc838f47c467fa
CVSS: 9.4 | EPSS: 0% | CPEs: 3 | EXPL: 0 | CVE-2025-68206 – netfilter: nft_ct: add seqadj extension for natted connections
https://notcve.org/view.php?id=CVE-2025-68206
16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved:
netfilter: nft_ct: add seqadj extension for natted connections
Sequence adjustment may be required for FTP traffic with PASV/EPSV modes, due to the need to re-write packet payload (IP, port) on the ftp control connection. This can require changes to the TCP length and expected seq / ack_seq. The easiest way to reproduce this issue is with PASV mode. Example ruleset:
table inet ftp_nat { ct helper ftp_helper { type "ftp" protocol tcp l3proto ine...
https://git.kernel.org/stable/c/1a64edf54f55d7956cf5a0d95898bc1f84f9b818
CVSS: 5.5 | EPSS: 0% | CPEs: 8 | EXPL: 0 | CVE-2025-68204 – pmdomain: arm: scmi: Fix genpd leak on provider registration failure
https://notcve.org/view.php?id=CVE-2025-68204
16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved:
pmdomain: arm: scmi: Fix genpd leak on provider registration failure
If of_genpd_add_provider_onecell() fails during probe, the previously created generic power domains are not removed, leading to a memory leak and potential kernel crash later in genpd_debug_add(). Add proper error handling to unwind the initialized domains before returning from probe to ensure all resources are correctly released on failure. Example crash trace observed wi...
https://git.kernel.org/stable/c/898216c97ed2ebfffda659ce12388da43534de6c
CVSS: 5.5 | EPSS: 0% | CPEs: 3 | EXPL: 0 | CVE-2025-68201 – drm/amdgpu: remove two invalid BUG_ON()s
https://notcve.org/view.php?id=CVE-2025-68201
16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu: remove two invalid BUG_ON()s
Those can be triggered trivially by userspace.
https://git.kernel.org/stable/c/3d879e81f0f9ed5d33b5eda0fe5226c884bb8073
CVSS: 7.1 | EPSS: 0% | CPEs: 6 | EXPL: 0 | CVE-2025-68200 – bpf: Add bpf_prog_run_data_pointers()
https://notcve.org/view.php?id=CVE-2025-68200
16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved:
bpf: Add bpf_prog_run_data_pointers()
syzbot found that cls_bpf_classify() is able to change tc_skb_cb(skb)->drop_reason triggering a warning in sk_skb_reason_drop().
WARNING: CPU: 0 PID: 5965 at net/core/skbuff.c:1192 __sk_skb_reason_drop net/core/skbuff.c:1189 [inline]
WARNING: CPU: 0 PID: 5965 at net/core/skbuff.c:1192 sk_skb_reason_drop+0x76/0x170 net/core/skbuff.c:1214
struct tc_skb_cb has been added in commit ec624fe740b4 ("net/sched:...
https://git.kernel.org/stable/c/0d76daf2013ce1da20eab5e26bd81d983e1c18fb
