CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2022-50698 – ASoC: da7219: Fix an error handling path in da7219_register_dai_clks()
https://notcve.org/view.php?id=CVE-2022-50698
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: ASoC: da7219: Fix an error handling path in da7219_register_dai_clks() If clk_hw_register() fails, the corresponding clk should not be unregistered. To handle errors from loops, clean up partial iterations before doing the goto. So add a clk_hw_unregister(). Then use a while (--i >= 0) loop in the unwind section. The SUSE Linux Enterprise 15 SP5 RT kernel was updated to fix various security issues. • https://git.kernel.org/stable/c/78013a1cf2971684775f6956d5666237ac53a1aa •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50697 – mrp: introduce active flags to prevent UAF when applicant uninit
https://notcve.org/view.php?id=CVE-2022-50697
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: mrp: introduce active flags to prevent UAF when applicant uninit The caller of del_timer_sync must prevent restarting of the timer, If we have no this synchronization, there is a small probability that the cancellation will not be successful. And syzbot report the fellowing crash: ================================================================== BUG: KASAN: use-after-free in hlist_add_head include/linux/list.h:929 [inline] BUG: KASAN: use-... • https://git.kernel.org/stable/c/febf018d22347b5df94066bca05d0c11a84e839d •
CVSS: 3.3EPSS: 0%CPEs: 8EXPL: 0CVE-2025-68733 – smack: fix bug: unprivileged task can create labels
https://notcve.org/view.php?id=CVE-2025-68733
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: smack: fix bug: unprivileged task can create labels If an unprivileged task is allowed to relabel itself (/smack/relabel-self is not empty), it can freely create new labels by writing their names into own /proc/PID/attr/smack/current This occurs because do_setattr() imports the provided label in advance, before checking "relabel-self" list. This change ensures that the "relabel-self" list is checked before importing the label. In the Linux ... • https://git.kernel.org/stable/c/38416e53936ecf896948fdeffc36b76979117952 •
CVSS: 6.9EPSS: 0%CPEs: 7EXPL: 0CVE-2025-68732 – gpu: host1x: Fix race in syncpt alloc/free
https://notcve.org/view.php?id=CVE-2025-68732
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: gpu: host1x: Fix race in syncpt alloc/free Fix race condition between host1x_syncpt_alloc() and host1x_syncpt_put() by using kref_put_mutex() instead of kref_put() + manual mutex locking. This ensures no thread can acquire the syncpt_mutex after the refcount drops to zero but before syncpt_release acquires it. This prevents races where syncpoints could be allocated while still being cleaned up from a previous release. Remove explicit mutex ... • https://git.kernel.org/stable/c/f5ba33fb9690566c382624637125827b5512e766 •
CVSS: 7.2EPSS: 0%CPEs: 7EXPL: 0CVE-2025-68728 – ntfs3: fix uninit memory after failed mi_read in mi_format_new
https://notcve.org/view.php?id=CVE-2025-68728
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: ntfs3: fix uninit memory after failed mi_read in mi_format_new Fix a KMSAN un-init bug found by syzkaller. ntfs_get_bh() expects a buffer from sb_getblk(), that buffer may not be uptodate. We do not bring the buffer uptodate before setting it as uptodate. If the buffer were to not be uptodate, it could mean adding a buffer with un-init data to the mi record. Attempting to load that record will trigger KMSAN. Avoid this by setting the buffer... • https://git.kernel.org/stable/c/4342306f0f0d5ff4315a204d315c1b51b914fca5 •
CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 0CVE-2025-68727 – ntfs3: Fix uninit buffer allocated by __getname()
https://notcve.org/view.php?id=CVE-2025-68727
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: ntfs3: Fix uninit buffer allocated by __getname() Fix uninit errors caused after buffer allocation given to 'de'; by initializing the buffer with zeroes. The fix was found by using KMSAN. In the Linux kernel, the following vulnerability has been resolved: ntfs3: Fix uninit buffer allocated by __getname() Fix uninit errors caused after buffer allocation given to 'de'; by initializing the buffer with zeroes. The fix was found by using KMSAN. ... • https://git.kernel.org/stable/c/78ab59fee07f22464f32eafebab2bd97ba94ff2d •
CVSS: 6.6EPSS: 0%CPEs: 7EXPL: 0CVE-2025-68725 – bpf: Do not let BPF test infra emit invalid GSO types to stack
https://notcve.org/view.php?id=CVE-2025-68725
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf: Do not let BPF test infra emit invalid GSO types to stack Yinhao et al. reported that their fuzzer tool was able to trigger a skb_warn_bad_offload() from netif_skb_features() -> gso_features_check(). When a BPF program - triggered via BPF test infra - pushes the packet to the loopback device via bpf_clone_redirect() then mentioned offload warning can be seen. GSO-related features are then rightfully disabled. We get into this situation... • https://git.kernel.org/stable/c/850a88cc4096fe1df407452ba2e4d28cf5b3eee9 •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2025-68724 – crypto: asymmetric_keys - prevent overflow in asymmetric_key_generate_id
https://notcve.org/view.php?id=CVE-2025-68724
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: crypto: asymmetric_keys - prevent overflow in asymmetric_key_generate_id Use check_add_overflow() to guard against potential integer overflows when adding the binary blob lengths and the size of an asymmetric_key_id structure and return ERR_PTR(-EOVERFLOW) accordingly. This prevents a possible buffer overflow when copying data from potentially malicious X.509 certificate fields that can be arbitrarily large, such as ASN.1 INTEGER serial num... • https://git.kernel.org/stable/c/7901c1a8effbe5f89673bfc09d6e37b8f334f1a7 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2025-68380 – wifi: ath11k: fix peer HE MCS assignment
https://notcve.org/view.php?id=CVE-2025-68380
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: fix peer HE MCS assignment In ath11k_wmi_send_peer_assoc_cmd(), peer's transmit MCS is sent to firmware as receive MCS while peer's receive MCS sent as transmit MCS, which goes against firmwire's definition. While connecting to a misbehaved AP that advertises 0xffff (meaning not supported) for 160 MHz transmit MCS map, firmware crashes due to 0xffff is assigned to he_mcs->rx_mcs_set field. Ext Tag: HE Capabilities [...] Suppor... • https://git.kernel.org/stable/c/61fe43e7216df6e9a912d831aafc7142fa20f280 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2025-68379 – RDMA/rxe: Fix null deref on srq->rq.queue after resize failure
https://notcve.org/view.php?id=CVE-2025-68379
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix null deref on srq->rq.queue after resize failure A NULL pointer dereference can occur in rxe_srq_chk_attr() when ibv_modify_srq() is invoked twice in succession under certain error conditions. The first call may fail in rxe_queue_resize(), which leads rxe_srq_from_attr() to set srq->rq.queue = NULL. The second call then triggers a crash (null deref) when accessing srq->rq.queue->buf->index_mask. Call Trace: