CVSS: - | EPSS: 0% | CPEs: 7 | EXPL: 0
CVE-2025-68331 – usb: uas: fix urb unmapping issue when the uas device is remove during ongoing data transfer
https://notcve.org/view.php?id=CVE-2025-68331
22 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: uas: fix urb unmapping issue when the uas device is remove during ongoing data transfer When a UAS device is unplugged during data transfer, there is a probability of a system panic occurring. The root cause is an access to an invalid memory address during URB callback handling. Specifically, this happens when the dma_direct_unmap_sg() function is called within the usb_hcd_unmap_urb_for_dma() interface, but the sg->dma_address field is... • https://git.kernel.org/stable/c/eb2a86ae8c544be0ab04aa8169390c0669bc7148 •
CVSS: - | EPSS: 0% | CPEs: 6 | EXPL: 0
CVE-2025-68330 – iio: accel: bmc150: Fix irq assumption regression
https://notcve.org/view.php?id=CVE-2025-68330
22 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: iio: accel: bmc150: Fix irq assumption regression The code in bmc150-accel-core.c unconditionally calls bmc150_accel_set_interrupt() in the iio_buffer_setup_ops, such as on the runtime PM resume path giving a kernel splat like this if the device has no interrupts: Unable to handle kernel NULL pointer dereference at virtual address 00000001 when read PC is at bmc150_accel_set_interrupt+0x98/0x194 LR is at __pm_runtime_resume+0x5c/0x64 (...) ... • https://git.kernel.org/stable/c/c16bff4844ffa678ba0c9d077e9797506924ccdd •
CVSS: - | EPSS: 0% | CPEs: 7 | EXPL: 0
CVE-2025-68328 – firmware: stratix10-svc: fix bug in saving controller data
https://notcve.org/view.php?id=CVE-2025-68328
22 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: firmware: stratix10-svc: fix bug in saving controller data Fix the incorrect usage of platform_set_drvdata and dev_set_drvdata. They both are of the same data and overrides each other. This resulted in the rmmod of the svc driver to fail and throw a kernel panic for kthread_stop and fifo free. The SUSE Linux Enterprise 15 SP6 kernel was updated to fix various security issues. • https://git.kernel.org/stable/c/b5dc75c915cdaebab9b9875022e45638d6b14a7e •
CVSS: - | EPSS: 0% | CPEs: 7 | EXPL: 0
CVE-2025-68327 – usb: renesas_usbhs: Fix synchronous external abort on unbind
https://notcve.org/view.php?id=CVE-2025-68327
22 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: renesas_usbhs: Fix synchronous external abort on unbind A synchronous external abort occurs on the Renesas RZ/G3S SoC if unbind is executed after the configuration sequence described above: modprobe usb_f_ecm modprobe libcomposite modprobe configfs cd /sys/kernel/config/usb_gadget mkdir -p g1 cd g1 echo "0x1d6b" > idVendor echo "0x0104" > idProduct mkdir -p strings/0x409 echo "0123456789" > strings/0x409/serialnumber echo "Renesas." > ... • https://git.kernel.org/stable/c/f1407d5c66240b33d11a7f1a41d55ccf6a9d7647 •
CVSS: 5.5 | EPSS: 0% | CPEs: 10 | EXPL: 0
CVE-2025-68325 – net/sched: sch_cake: Fix incorrect qlen reduction in cake_drop
https://notcve.org/view.php?id=CVE-2025-68325
18 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_cake: Fix incorrect qlen reduction in cake_drop In cake_drop(), qdisc_tree_reduce_backlog() is used to update the qlen and backlog of the qdisc hierarchy. Its caller, cake_enqueue(), assumes that the parent qdisc will enqueue the current packet. However, this assumption breaks when cake_enqueue() returns NET_XMIT_CN: the parent qdisc stops enqueuing current packet, leaving the tree qlen/backlog accounting inconsistent. This m... • https://git.kernel.org/stable/c/de04ddd2980b48caa8d7e24a7db2742917a8b280 •
CVSS: 7.1 | EPSS: 0% | CPEs: 4 | EXPL: 0
CVE-2025-68324 – scsi: imm: Fix use-after-free bug caused by unfinished delayed work
https://notcve.org/view.php?id=CVE-2025-68324
18 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: imm: Fix use-after-free bug caused by unfinished delayed work The delayed work item 'imm_tq' is initialized in imm_attach() and scheduled via imm_queuecommand() for processing SCSI commands. When the IMM parallel port SCSI host adapter is detached through imm_detach(), the imm_struct device instance is deallocated. However, the delayed work might still be pending or executing when imm_detach() is called, leading to use-after-free bugs... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 5.5 | EPSS: 0% | CPEs: 3 | EXPL: 0
CVE-2025-68322 – parisc: Avoid crash due to unaligned access in unwinder
https://notcve.org/view.php?id=CVE-2025-68322
16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: parisc: Avoid crash due to unaligned access in unwinder Guenter Roeck reported this kernel crash on his emulated B160L machine: Starting network: udhcpc: started, v1.36.1 Backtrace: [<104320d4>] unwind_once+0x1c/0x5c [<10434a00>] walk_stackframe.isra.0+0x74/0xb8 [<10434a6c>] arch_stack_walk+0x28/0x38 [<104e5efc>] stack_trace_save+0x48/0x5c [<105d1bdc>] set_track_prepare+0x44/0x6c [<105d9c80>] ___slab_alloc+0xfc4/0x1024 [<105d9d38>] __slab_a... • https://git.kernel.org/stable/c/c8921d72e390cb6fca3fb2b0c2badfda851647eb •
CVSS: 6.1 | EPSS: 0% | CPEs: 6 | EXPL: 0
CVE-2025-68321 – page_pool: always add GFP_NOWARN for ATOMIC allocations
https://notcve.org/view.php?id=CVE-2025-68321
16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: page_pool: always add GFP_NOWARN for ATOMIC allocations Driver authors often forget to add GFP_NOWARN for page allocation from the datapath. This is annoying to users as OOMs are a fact of life, and we pretty much expect network Rx to hit page allocation failures during OOM. Make page pool add GFP_NOWARN for ATOMIC allocations by default. • https://git.kernel.org/stable/c/ff7d6b27f894f1469dc51ccb828b7363ccd9799f •
CVSS: 7.1 | EPSS: 0% | CPEs: 4 | EXPL: 0
CVE-2025-68320 – lan966x: Fix sleeping in atomic context
https://notcve.org/view.php?id=CVE-2025-68320
16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: lan966x: Fix sleeping in atomic context The following warning was seen when we try to connect using ssh to the device. BUG: sleeping function called from invalid context at kernel/locking/mutex.c:575 in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 104, name: dropbear preempt_count: 1, expected: 0 INFO: lockdep is turned off. CPU: 0 UID: 0 PID: 104 Comm: dropbear Tainted: G W 6.18.0-rc2-00399-g6f1ab1b109b9-dirty #530 NONE Tainted: [W]... • https://git.kernel.org/stable/c/12c2d0a5b8e2a1afc8c7738e19a0d1dd7f3d4007 •
CVSS: 7.8 | EPSS: 0% | CPEs: 3 | EXPL: 0
CVE-2025-68315 – f2fs: fix to detect potential corrupted nid in free_nid_list
https://notcve.org/view.php?id=CVE-2025-68315
16 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to detect potential corrupted nid in free_nid_list As reported, on-disk footer.ino and footer.nid is the same and out-of-range, let's add sanity check on f2fs_alloc_nid() to detect any potential corruption in free_nid_list. • https://git.kernel.org/stable/c/98e4da8ca301e062d79ae168c67e56f3c3de3ce4 •
